ffmpeg 0.6.6 was released on June 9th, fixing several security issues. Patches for those issues were pulled from ffmpeg git and applied to avidemux. Advisory: ======================== Updated avidemux packages fix security vulnerabilities: * CVE-2011-3893, CVE-2011-3895: denial of service and possible code execution via malformed stream for the vorbis decoder and matroska demuxer * nsvdec: Fix use of uninitialized streams, Be more careful with av_malloc(), nsvdec: Propagate errors (CVE-2011-3940) * dv: Fix small stack overread, check stype, Fix null pointer dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936) * atrac3: Fix crash in tonal component decoding (CVE-2012-0853) * mjpegbdec: Fix overflow in SOS (CVE-2011-3947) * kgv1dec: Increase offsets array size so it is large enough (CVE-2011-3945) * vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947) * dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) * aacsbr: prevent out of bounds memcpy() (CVE-2012-0850) * h264: Add check for invalid chroma_format_idc (CVE-2012-0851) * adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) * shorten: Use separate pointers for the allocated memory for decoded samples, check for realloc failure (CVE-2012-0858) * kmvc: Check palsize (CVE-2011-3952) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947 ======================== Updated packages in {core,tainted}/updates_testing: ======================== avidemux-2.5.4-5.3.mga1 avidemux-gtk-2.5.4-5.3.mga1 avidemux-qt-2.5.4-5.3.mga1 avidemux-cli-2.5.4-5.3.mga1 from avidemux-2.5.4-5.3.mga1.src.rpm
Blocks: (none) => 6427
Testing complete on Mageia 1 x86-64. Just testing that basic functions such as resizing a video is working. I'll test i586 shortly.
CC: (none) => davidwhodginsWhiteboard: (none) => MGA1-64-OK
Testing complete on Mageia 1 i586. Could someone from the sysadmin team push the srpm avidemux-2.5.4-5.3.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated avidemux packages fix security vulnerabilities: * CVE-2011-3893, CVE-2011-3895: denial of service and possible code execution via malformed stream for the vorbis decoder and matroska demuxer * nsvdec: Fix use of uninitialized streams, Be more careful with av_malloc(), nsvdec: Propagate errors (CVE-2011-3940) * dv: Fix small stack overread, check stype, Fix null pointer dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936) * atrac3: Fix crash in tonal component decoding (CVE-2012-0853) * mjpegbdec: Fix overflow in SOS (CVE-2011-3947) * kgv1dec: Increase offsets array size so it is large enough (CVE-2011-3945) * vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947) * dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) * aacsbr: prevent out of bounds memcpy() (CVE-2012-0850) * h264: Add check for invalid chroma_format_idc (CVE-2012-0851) * adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) * shorten: Use separate pointers for the allocated memory for decoded samples, check for realloc failure (CVE-2012-0858) * kmvc: Check palsize (CVE-2011-3952) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947 https://bugs.mageia.org/show_bug.cgi?id=6955
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1-64-OK => MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0204
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED