User: Password:
Subscribe / Log in / New account

Mageia alert MGASA-2012-0142 (ffmpeg)

From:  Mageia Updates <>
Subject:  [updates-announce] MGASA-2012-0142: ffmpeg-0.6.6-0.1.mga1 (1/core, tainted)
Date:  Mon, 9 Jul 2012 17:02:37 +0200
Message-ID:  <>
Archive-link:  Article, Thread

MGASA-2012-0142 Date: July 9th, 2012 Affected releases: 1 Description: Updated ffmpeg packages fix security vulnerabilities: nsvdec: Fix use of uninitialized streams, Be more careful with av_malloc(), nsvdec: Propagate errors (CVE-2011-3940) dv: Fix small stack overread, check stype, Fix null pointer dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936) atrac3: Fix crash in tonal component decoding (CVE-2012-0853) mjpegbdec: Fix overflow in SOS (CVE-2011-3947) kgv1dec: Increase offsets array size so it is large enough (CVE-2011-3945) vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947) dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) aacsbr: prevent out of bounds memcpy() (CVE-2012-0850) h264: Add check for invalid chroma_format_idc (CVE-2012-0851) adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) shorten: Use separate pointers for the allocated memory for decoded samples, check for realloc failure (CVE-2012-0858) kmvc: Check palsize (CVE-2011-3952) several other bugs were fixed as well, see the ChangeLog Updated Packages: ffmpeg-0.6.6-0.1.mga1 lib(64)avformats52-0.6.6-0.1.mga1 lib(64)avutil50-0.6.6-0.1.mga1 lib(64)ffmpeg-devel-0.6.6-0.1.mga1 lib(64)ffmpeg-static-devel-0.6.6-0.1.mga1 lib(64)ffmpeg52-0.6.6-0.1.mga1 lib(64)postproc51-0.6.6-0.1.mga1 lib(64)swscaler0-0.6.6-0.1.mga1 References:;a=blob;f=Changelog;...

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds