Bug 31360 - mplayer new security issues CVE-2022-3885[0158] and CVE-2022-3886[013456]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 31259
 
Reported: 2023-01-03 19:50 CET by David Walser
Modified: 2024-03-15 03:50 CET

See Also:
Source RPM: mplayer-1.5-12.mga9.src.rpm, mplayer-1.5-12.mga9.tainted.src.rpm
CVE: CVE-2022-38850, CVE-2022-38851, CVE-2022-38855, CVE-2022-38858, CVE-2022-38860, CVE-2022-38861, CVE-2022-38863, CVE-2022-38864, CVE-2022-38865, CVE-2022-38866
Status comment:



Description David Walser 2023-01-03 19:50:17 CET
Debian-LTS has issued an advisory on December 31:
https://www.debian.org/lts/security/2022/dla-3255

I guess I need to switch mplayer back to a CVS snapshot.  TODO...

Mageia 8 could probably do with some backported patches.
David Walser 2023-01-03 19:50:39 CET

Whiteboard: (none) => MGA8TOO
Blocks: (none) => 31259

Comment 1 Lewis Smith 2023-01-03 20:08:00 CET
Leaving with you for the moment at least.
Comment 2 David Walser 2023-03-02 23:20:30 CET
Ubuntu has issued an advisory for this on February 27:
https://ubuntu.com/security/notices/USN-5895-1
Comment 3 Nicolas Salguero 2024-03-13 10:24:17 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config() of libmpcodecs/vf_scale.c. (CVE-2022-38850)

Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38851)

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video() of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38855)

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38858)

Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38860)

The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. (CVE-2022-38861)

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. (CVE-2022-38863)

Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. (CVE-2022-38864)

Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38865)

Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38866)

References:
https://www.debian.org/lts/security/2022/dla-3255
https://ubuntu.com/security/notices/USN-5895-1
========================

Updated packages in core/updates_testing:
========================
mencoder-1.5-12.1.mga9
mplayer-1.5-12.1.mga9
mplayer-doc-1.5-12.1.mga9
mplayer-gui-1.5-12.1.mga9

from SRPM:
mplayer-1.5-12.1.mga9.src.rpm

Updated packages in tainted/updates_testing:
========================
mencoder-1.5-12.1.mga9.tainted
mplayer-1.5-12.1.mga9.tainted
mplayer-doc-1.5-12.1.mga9.tainted
mplayer-gui-1.5-12.1.mga9.tainted

from SRPM:
mplayer-1.5-12.1.mga9.tainted.src.rpm

Version: Cauldron => 9
CVE: (none) => CVE-2022-38850, CVE-2022-38851, CVE-2022-38855, CVE-2022-38858, CVE-2022-38860, CVE-2022-38861, CVE-2022-38863, CVE-2022-38864, CVE-2022-38865, CVE-2022-38866
Assignee: luigiwalser => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Source RPM: mplayer-1.5-10.mga9.src.rpm => mplayer-1.5-12.mga9.src.rpm, mplayer-1.5-12.mga9.tainted.src.rpm

Comment 4 PC LX 2024-03-13 17:32:42 CET
Installed and tested tainted version without issues.

Tested:
- playing multiple video and audio files;
- outputs: xv, x11, gl, vdpau;
- mplayer-gui;
- mencoder (only a few examples from https://wiki.archlinux.org/title/MEncoder);

No regressions noticed.



System: Mageia 9, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.



$ uname -a
Linux jupiter 6.6.18-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Sat Feb 24 02:17:35 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep -E '(mplayer|mencoder).*-1.5'
mplayer-1.5-12.1.mga9.tainted
mplayer-gui-1.5-12.1.mga9.tainted
mencoder-1.5-12.1.mga9.tainted
$ vdpauinfo 
display: :0   screen: 0
API version: 1
Information string: G3DVL VDPAU Driver Shared Library version 1.0
<SNIP>

CC: (none) => mageia

katnatek 2024-03-13 21:38:31 CET

Keywords: (none) => advisory

Comment 5 Herman Viaene 2024-03-14 13:39:55 CET
Installed core updates, mp4 video and wav plays OK.
Did a conversion:
$ mencoder 12de\ man-1.mp4 -o 12.avi -oac mp3lame -ovc lavc
and resulting avi file plays OK with vlc and mplayer.

CC: (none) => herman.viaene

Comment 6 Herman Viaene 2024-03-14 14:18:39 CET
Did the same with tainted versions, all work OK.

Whiteboard: (none) => MGA9-64-OK

Comment 7 Thomas Andrews 2024-03-14 22:39:33 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 8 Mageia Robot 2024-03-15 03:50:11 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0062.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

