FFmpeg 4.1.5 has been released on January 7, fixing more security issues:
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.5
http://ffmpeg.org/download.html
http://ffmpeg.org/security.html
Note that there are core and tainted builds for this package.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=8065#c6
https://bugs.mageia.org/show_bug.cgi?id=14042#c6

Advisory:
========================

Updated ffmpeg packages fix security vulnerabilities:

This update provides ffmpeg version 4.1.5, which fixes several security vulnerabilities and other bugs which were corrected upstream.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17542
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.5
http://ffmpeg.org/download.html
http://ffmpeg.org/security.html
========================

Updated packages in {core,tainted}/updates_testing:
========================
ffmpeg-4.1.5-1.mga7
libavcodec58-4.1.5-1.mga7
libpostproc55-4.1.5-1.mga7
libavformat58-4.1.5-1.mga7
libavutil56-4.1.5-1.mga7
libavresample4-4.1.5-1.mga7
libswscaler5-4.1.5-1.mga7
libavfilter7-4.1.5-1.mga7
libswresample3-4.1.5-1.mga7
libffmpeg-devel-4.1.5-1.mga7
libffmpeg-static-devel-4.1.5-1.mga7

from ffmpeg-4.1.5-1.mga7.src.rpm
Keywords: (none) => has_procedure
Assignee: bugsquad => qa-bugs
mga7-64

- ffmpeg-4.1.5-1.mga7.x86_64
- lib64avcodec58-4.1.5-1.mga7.x86_64
- lib64avfilter7-4.1.5-1.mga7.x86_64
- lib64avformat58-4.1.5-1.mga7.x86_64
- lib64avresample4-4.1.5-1.mga7.x86_64
- lib64avutil56-4.1.5-1.mga7.x86_64
- lib64postproc55-4.1.5-1.mga7.x86_64
- lib64swresample3-4.1.5-1.mga7.x86_64
- lib64swscaler5-4.1.5-1.mga7.x86_64

$ ffmpeg -v
ffmpeg version 4.1.5 Copyright (c) 2000-2020 the FFmpeg developers
built with gcc 8.3.1 (Mageia 8.3.1-0.20190524.1.mga7) 20190524
configuration: --prefix=/usr --enable-shared --enable-pic --libdir=/usr/lib64 --shlibdir=/usr/lib64 --incdir=/usr/include --disable-stripping --enable-postproc --enable-gpl --enable-pthreads --enable-libtheora --enable-libvorbis --disable-encoder=vorbis --enable-libvpx --enable-runtime-cpudetect --enable-libaom --enable-libdc1394 --enable-librtmp --enable-libspeex --enable-libfreetype --enable-libgsm --enable-libcelt --enable-libopus --enable-libopencv --enable-libopenjpeg --enable-libtwolame --enable-libxavs --enable-frei0r --enable-libmodplug --enable-libass --enable-gnutls --enable-libcdio --enable-libpulse --enable-libv4l2 --enable-avresample --enable-opencl --enable-libmp3lame --enable-sndio --enable-libdav1d --disable-decoder=aac --disable-encoder=aac
libavutil 56. 22.100 / 56. 22.100
libavcodec 58. 35.100 / 58. 35.100
libavformat 58. 20.100 / 58. 20.100
libavdevice 58. 5.100 / 58. 5.100
libavfilter 7. 40.101 / 7. 40.101
libavresample 4. 0. 0 / 4. 0. 0
libswscale 5. 3.100 / 5. 3.100
libswresample 3. 3.100 / 3. 3.100
libpostproc 55. 3.100 / 55. 3.100

converted a video
converted an m4a to mp3
converted a wav to ogg

my tests work
CC: (none) => brtians1
Whiteboard: (none) => MGA7-64-OK
tainted packages also need testing
CC: (none) => tmb
Keywords: (none) => advisory
I get the following when I try to pick ffmpeg 4.1.5.1 (i586)

"Sorry, the following package cannot be selected:

- libavcodec58-4.1.5-1.mga7.tainted.i586 (due to unsatisfied libx264.so.155)"

So I went back and tried to install that lib and got the same message. Dependency issue?
Whiteboard: MGA7-64-OK => MGA7-64-OK feedback
(In reply to Brian Rockwell from comment #4)
> I get the following when I try to pick ffmpeg 4.1.5.1 (i586)
>
> "Sorry, the following package cannot be selected:
>
> - libavcodec58-4.1.5-1.mga7.tainted.i586 (due to unsatisfied libx264.so.155)"
>
> So I went back and tried to install that lib and got the same message.
> Dependency issue?

This was all when trying to pick ffmpeg from the tainted library.
You need to enable tainted updates.
Whiteboard: MGA7-64-OK feedback => MGA7-64-OK
Thanks David, that worked

The following 14 packages are going to be installed:

- ffmpeg-4.1.5-1.mga7.tainted.i586
- libavcodec58-4.1.5-1.mga7.tainted.i586
- libavfilter7-4.1.5-1.mga7.tainted.i586
- libavformat58-4.1.5-1.mga7.tainted.i586
- libavresample4-4.1.5-1.mga7.tainted.i586
- libavutil56-4.1.5-1.mga7.tainted.i586
- libopencore-amr0-0.1.5-2.mga7.tainted.i586
- libpostproc55-4.1.5-1.mga7.tainted.i586
- libswresample3-4.1.5-1.mga7.tainted.i586
- libswscaler5-4.1.5-1.mga7.tainted.i586
- libvo-amrwbenc0-0.1.3-3.mga7.tainted.i586
- libx264_155-0.155-0.20181228.stable.1.mga7.tainted.i586
- libx265_169-3.0-2.mga7.tainted.i586
- libxvidcore4-1.3.5-3.1.mga7.tainted.i586

$ ffmpeg -version
ffmpeg version 4.1.5 Copyright (c) 2000-2020 the FFmpeg developers
built with gcc 8.3.1 (Mageia 8.3.1-0.20190524.1.mga7) 20190524
configuration: --prefix=/usr --enable-shared --enable-pic --libdir=/usr/lib --shlibdir=/usr/lib --incdir=/usr/include --disable-stripping --enable-postproc --enable-gpl --enable-pthreads --enable-libtheora --enable-libvorbis --disable-encoder=vorbis --enable-libvpx --enable-runtime-cpudetect --enable-libaom --enable-libdc1394 --enable-librtmp --enable-libspeex --enable-libfreetype --enable-libgsm --enable-libcelt --enable-libopus --enable-libopencv --enable-libopenjpeg --enable-libtwolame --enable-libxavs --enable-frei0r --enable-libmodplug --enable-libass --enable-gnutls --enable-libcdio --enable-libpulse --enable-libv4l2 --enable-avresample --enable-opencl --enable-libmp3lame --enable-sndio --enable-libdav1d --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-version3 --enable-libx264 --enable-libx265 --enable-libvo-amrwbenc --enable-libxvid
libavutil 56. 22.100 / 56. 22.100
libavcodec 58. 35.100 / 58. 35.100
libavformat 58. 20.100 / 58. 20.100
libavdevice 58. 5.100 / 58. 5.100
libavfilter 7. 40.101 / 7. 40.101
libavresample 4. 0. 0 / 4. 0. 0
libswscale 5. 3.100 / 5. 3.100
libswresample 3. 3.100 / 3. 3.100
libpostproc 55. 3.100 / 55. 3.100

Converted some flac files to mp3's
Converted video from one format to another.

Works for me.
Whiteboard: MGA7-64-OK => MGA7-64-OK MGA7-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0046.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
CVE-2019-13390 was also fixed in 4.1.5.
Summary: FFmpeg 4.1.5 (fixes CVE-2019-17539 and CVE-2019-17542) => FFmpeg 4.1.5 (fixes CVE-2019-13390, CVE-2019-17539, and CVE-2019-17542)
CVE-2020-2204[68] and CVE-2020-22054 were also fixed in 4.1.5: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RHYNSW2TAJSSTZPOYXQXGZDI6LYBWIT4/
CVE-2020-22025 also fixed in 4.1.5: https://www.debian.org/security/2021/dsa-4990
Fixed in 4.2.2 and possibly 4.1.5 if 4.1.x was affected are: CVE-2020-2089[12569] CVE-2020-20902 CVE-2021-3809[2-4]: https://lists.suse.com/pipermail/sle-security-updates/2021-October/009650.html
(In reply to David Walser from comment #12)
> Fixed in 4.2.2 and possibly 4.1.5 if 4.1.x was affected are:
> CVE-2020-2089[12569] CVE-2020-20902 CVE-2021-3809[2-4]:
> https://lists.suse.com/pipermail/sle-security-updates/2021-October/009650.html

openSUSE reference:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HVCB2YATP2LRWUBIGFYZQUFV52VSFT2B/