+++ This bug was initially created as a clone of Bug #31675 +++ Fedora has issued an advisory today (March 14): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FTSFKF7VKRUQBG3BV5JUKE7ZZLGPI34D/ The issues are fixed upstream in 6.0. Mageia 8 is also affected. These CVEs came from Chrome. I don't see any added patches in the Chromium source code, though they might have just updated the ffmpeg source itself. Leaving this bug for when/if we get any additional information on these CVEs.
Status comment: (none) => Fixed upstream in 6.0
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31796
Whiteboard: (none) => MGA9TOOCC: (none) => nicolas.salguero
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=32964
SUSE has issued an advisory on April 29: https://lwn.net/Articles/971733/
Status comment: Fixed upstream in 6.0 => Fixed upstream in 7.0Summary: ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7] => ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7], CVE-2023-49502, CVE-2024-31578
Debian has issued an advisory on June 15: https://lwn.net/Articles/978677/
Summary: ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7], CVE-2023-49502, CVE-2024-31578 => ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7], CVE-2023-49502, CVE-2023-50010, CVE-2023-5179[3458], CVE-2023-51798, CVE-2024-31578, CVE-2024-31585
Source RPM: ffmpeg-5.1.2-3.mga9.src.rpm => ffmpeg-5.1.4-2.1.mga10.src.rpm
If I understand correctly the information I found from Debian, version 5.1.5 should solve CVE-2023-50010, CVE-2023-5179[3458] and CVE-2024-31585.
Summary: ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7], CVE-2023-49502, CVE-2023-50010, CVE-2023-5179[3458], CVE-2023-51798, CVE-2024-31578, CVE-2024-31585 => ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7], CVE-2023-49502, CVE-2023-50010, CVE-2023-5179[3458], CVE-2024-31578, CVE-2024-31585
Depends on: (none) => 33338
CVE-2023-50010, CVE-2023-5179[3458] and CVE-2024-31585 in bug 33338.
Summary: ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7], CVE-2023-49502, CVE-2023-50010, CVE-2023-5179[3458], CVE-2024-31578, CVE-2024-31585 => ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], CVE-2023-122[0-7], CVE-2023-49502, CVE-2024-31578