Bug 31175 - ffmpeg new security issue CVE-2022-3964
Summary: ffmpeg new security issue CVE-2022-3964
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Stig-Ørjan Smelror
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-11-23 20:51 CET by David Walser
Modified: 2022-11-23 23:10 CET (History)
0 users

See Also:
Source RPM: ffmpeg-5.1.2-2.mga9.src.rpm
CVE:
Status comment: Patch available from upstream

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-11-23 20:51:09 CET 
SUSE has issued an advisory today (November 23):
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013090.html

Mageia 8 is also affected.
David Walser 2022-11-23 20:51:20 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available from upstream

Comment 2 Lewis Smith 2022-11-23 21:07:06 CET 
Another one for you, Stig.

Assignee: bugsquad => smelror

Comment 3 Stig-Ørjan Smelror 2022-11-23 23:08:12 CET 
ffmpeg 5.1.2-3 pushed to Cauldron.

MGA8 is not affected as the source file doesn't exist in ffmpeg 4.3.5. Looks like it was introduced in 4.4.x.

Cheers,
Stig

Whiteboard: MGA8TOO => (none)

Comment 4 David Walser 2022-11-23 23:10:06 CET 
Thanks!

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.