ffmpeg 0.5.10 was released on June 9th, fixing some security issues. blender is built with an internal copy of ffmpeg, which has been updated. Advisory: ======================== Updated blender package fixes security vulnerabilities: * dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) * h264: Add check for invalid chroma_format_idc (CVE-2012-0851) * adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) * kmvc: Check palsize (CVE-2011-3952) Blender's internal copy of ffmpeg has been updated to 0.5.10 to fix these issues, as well as some other bugs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852 ======================== Updated packages in {core,tainted}/updates_testing: ======================== blender-2.49b-11.3.mga1 from blender-2.49b-11.3.mga1.src.rpm
CC: (none) => fundawangBlocks: (none) => 6427
This update was built by Funda Wang.
Blocks: (none) => 5033
Testing procedure: follow http://www.youtube.com/watch?v=caIg7sIX6d4
CC: (none) => stormi
Whiteboard: (none) => has_procedure
I had a few spare minutes so I thought I'd have a go with Mga1 i586, but the tutorial doesn't match what's on the interface I've got. I see someone else left a comment underneath that the tutorial's out of date. Carolyn
CC: (none) => isolde
How so? The blender version hasn't been updated and it seemed to match well enough when Claire and I followed it to QA a previous update of this package.
The very first thing I was supposed to click on (multires) brought up some options that didn't look anything like in the tutorial and I couldn't work out how to get to where the tutor was. I haven't got a clue about Blender anyway, which doesn't help. Unfortunately I won't have time to have another go now. Carolyn
After discussing with David, it appears that we don't need to push the tainted build, it belongs to another bug report.
Testing Mageia 1 i586 now.
CC: (none) => davidwhodgins
Testing complete on Mageia 1 i586
Whiteboard: has_procedure => has_procedure MGA1-32-OK
Testing complete on Mageia 1 x86-64. Could someone on the sysadmin team push the srpm blender-2.49b-11.3.mga1 from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated blender package fixes security vulnerabilities: * dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) * h264: Add check for invalid chroma_format_idc (CVE-2012-0851) * adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) * kmvc: Check palsize (CVE-2011-3952) Blender's internal copy of ffmpeg has been updated to 0.5.10 to fix these issues, as well as some other bugs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852 https://bugs.mageia.org/show_bug.cgi?id=6485
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: has_procedure MGA1-32-OK => has_procedure MGA1-32-OK MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0199
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED