Mageia alert MGASA-2012-0143 (ffmpeg)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2012-0143: ffmpeg-0.10.4-1.mga2 (2/core,
 tainted) 
Date:
    	     
 
Mon, 9 Jul 2012 17:14:26 +0200
Message-ID:
    	     
 
<20120709151426.GA27351@valstar.mageia.org>
Archive-link:
    	     
 
Article, Thread
              
MGASA-2012-0143
Date: 	July 9th, 2012
Affected releases: 	2


Description:
Updated ffmpeg packages fix security vulnerabilities:

h264: Add check for invalid chroma_format_idc (CVE-2012-0851)

h263dec: Disallow width/height changing with frame threads
(CVE-2011-3937)

These issues had been fixed in previous ffmpeg releases, but the fixes
were accidentally reverted before 0.10.3. This updates ffmpeg to
0.10.4 which fixes this issues again and fixes other bugs as well.


Updated Packages:
ffmpeg-0.10.4-1.mga2
lib(64)avcodec53-0.10.4-1.mga2
lib(64)avfilter2-0.10.4-1.mga2
lib(64)avformat53-0.10.4-1.mga2
lib(64)avutil51-0.10.4-1.mga2
lib(64)ffmpeg-devel-0.10.4-1.mga2
lib(64)ffmpeg-static-devel-0.10.4-1.mga2
lib(64)postproc52-0.10.4-1.mga2
lib(64)swresample0-0.10.4-1.mga2
lib(64)swscaler2-0.10.4-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
https://bugs.mageia.org/show_bug.cgi?id=6486
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...