ffmpeg 0.9.2 was released on May 3rd, fixing one security issue. ffmpeg 0.9.1 also fixed two security issues. ffmpeg 0.9 ships with avidemux. Patches for those issues were pulled from ffmpeg git and applied to avidemux. Advisory: ======================== Updated avidemux packages fix security vulnerabilities: * vqavideodev: Check image dimensions, fixes out of heap array read (CVE-2012-0947) * vorbis: make sure ch is non zero before calling vorbis_residue_decode (CVE-2011-3895) * ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis decoding (CVE-2011-3893) * mkv: Fix a bug where a pointer was cached to an array that might later move due to a realloc() (CVE-2011-3893) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947 ======================== Updated packages in {core,tainted}/updates_testing: ======================== avidemux-2.5.6-2.1.mga2 avidemux-gtk-2.5.6-2.1.mga2 avidemux-qt-2.5.6-2.1.mga2 avidemux-cli-2.5.6-2.1.mga2 from avidemux-2.5.6-2.1.mga2.src.rpm
Blocks: (none) => 6427
Testing procedure: just test some basic functions such as: - resize a video - cut a video - convert a video
CC: (none) => stormiWhiteboard: (none) => has_procedure
Testing i586 now.
CC: (none) => davidwhodgins
Testing complete on Mageia 2 i586. Converted a .flv file to .mpg, and increased the size. I'll test x86-64 shortly.
Created attachment 2621 [details] Terminal output showing backtrack from avidemux-qt Trying exactly the same operation on x86-64 fails.
Whiteboard: has_procedure => has_procedure MGA2-32-OK feedback
CC: (none) => doktor5000
The crash on x86-64 is not a regression, as I'm getting the same with the core release version. Do you want to try and fix it, or should I open a new bug report for the crash, and validate this update?
I'd surmise this isn't something easy for us to fix, so I'd say ship it. Florian, what do you think?
If both versions crash, and noone reported this particular issue, it hasn't surface yet. I'd say ship it, this should not block the update.
Status: NEW => ASSIGNED
Whiteboard: has_procedure MGA2-32-OK feedback => has_procedure MGA2-32-OK
Update validated. See comment #0 for advisory and SRPM.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0218
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED