Fedora has issued an advisory today (April 13): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/ It claims that CVE-2022-48434 is fixed upstream in 5.1.3, but upstream's page only shows that being fixed in 6.0, so we should double check that for Cauldron. Upstream's page also shows CVE-2022-2566 fixed in 6.0, which we haven't addressed yet. http://ffmpeg.org/security.html There are other issues fixed in 6.0 in Bug 31677.
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31677
Another ffmpeg CVE fix for Stig.
Assignee: bugsquad => smelrorStatus comment: (none) => ? fixed in 6.0
Status comment: ? fixed in 6.0 => Fixed upstream in 6.0
SUSE has issued an advisory for CVE-2022-48434 on May 2: https://lists.suse.com/pipermail/sle-security-updates/2023-May/014717.html They back ported a fix to FFmpeg 4.4.x.
Mageia 8 EOL.
Status: NEW => RESOLVEDResolution: (none) => OLDCC: (none) => nicolas.salguero