MGASA-2012-0143
| Date: | July 9th, 2012 |
| Affected releases: | 2 |
Description:
Updated ffmpeg packages fix security vulnerabilities:
h264: Add check for invalid chroma_format_idc (CVE-2012-0851)
h263dec: Disallow width/height changing with frame threads
(CVE-2011-3937)
These issues had been fixed in previous ffmpeg releases, but the fixes
were accidentally reverted before 0.10.3. This updates ffmpeg to
0.10.4 which fixes this issues again and fixes other bugs as well.
Updated Packages:
ffmpeg-0.10.4-1.mga2
lib(64)avcodec53-0.10.4-1.mga2
lib(64)avfilter2-0.10.4-1.mga2
lib(64)avformat53-0.10.4-1.mga2
lib(64)avutil51-0.10.4-1.mga2
lib(64)ffmpeg-devel-0.10.4-1.mga2
lib(64)ffmpeg-static-devel-0.10.4-1.mga2
lib(64)postproc52-0.10.4-1.mga2
lib(64)swresample0-0.10.4-1.mga2
lib(64)swscaler2-0.10.4-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
https://bugs.mageia.org/show_bug.cgi?id=6486
