On January 12, ffmpeg issued version 0.6.5 to fix these security issues. We should update to it for Mageia 1. mplayer and blender are also likely affected by these (internal ffmpeg) and would need to be updated as well. In Cauldron, ffmpeg and mplayer are not affected, but blender may be if its internal ffmpeg hasn't been updated recently.
You forgot gstreamer0.10-ffmpeg and avidemux, all of these carry bundled copies of ffmpeg. Additionally i've stumbled about this: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/maverick/ffmpeg/maverick-security/revision/54 Here's a short summary for that advisory: * CVE-2011-3504: denial of service and possible code execution via malformed Matroska file * CVE-2011-4351: denial of service and possible code execution via malformed file containing QDM2 stream * CVE-2011-4352: denial of service and possible code execution via malformed file containing VP3 stream * CVE-2011-4353: denial of service and possible code execution via malformed file containing VP5 or VP6 streams * CVE-2011-4364: denial of service and possible code execution via malformed VMD file * CVE-2011-4579: denial of service and possible code execution via malformed file containing svq1 stream So the following packages should be checked and updated, also if the last mplayer update applies to them as well ( http://svnweb.mageia.org/packages?view=revision&revision=194375 ) - avidemux - blender - gstreamer0.10-ffmpeg - ffmpeg - mplayer
CC: (none) => doktor5000
OK Funda Wang has built an update for ffmpeg 0.6.5 and made Bug 4147 for it. doktor5000 is building an update for this and previous missed updates for avidemux due to internal ffmpeg. He'll post a bug for that shortly. Let's use this bug to track the updates for all affected packages.
Summary: ffmpeg new security issues CVE-2011-3892, CVE-2011-3893, and CVE-2011-3895 => ffmpeg new security issues CVE-2011-3892, CVE-2011-3893, and CVE-2011-3895 affect other packages
Depends on: (none) => 4147
Depends on: 4147 => 4152
gstreamer0.10-ffmpeg is Bug 4152
Blender is Bug 4153
Depends on: (none) => 4153
mplayer is Bug 4154
Depends on: (none) => 4154
(In reply to comment #5) > mplayer is Bug 4154 (you can see that easily with https://bugs.mageia.org/showdependencytree.cgi?id=4146&hide_resolved=1 so no need to add comment)
Depends on: (none) => 4157
All better now :o)
Status: NEW => RESOLVEDResolution: (none) => FIXED