ffmpeg: vulnerability in lzo implementation (CVE-2014-4609 CVE-2014-4610)
A vulnerability has been identified in the FFmpeg LZO implementation.
This has been fixed in new releases: 2.2.4, 2.1.5, 2.0.5, 1.2.7, 1.1.12, 0.10.14. They also fix serveral other bugs.
ffmpeg in Alpine Linux should be upgraded.
References:
http://www.openwall.com/lists/oss-security/2014/06/26/23
https://www.ffmpeg.org/ (News of June 29, 2014, FFmpeg 2.2.4, 2.1.5,
2.0.5, 1.2.7, 1.1.12, 0.10.14)
https://www.ffmpeg.org/security.html
(from redmine: issue id 3119, created on 2014-07-02, closed on 2014-07-17)
- Relations:
- relates #3108 (closed)
- child #3120 (closed)
- child #3121 (closed)
- child #3122 (closed)
- child #3123 (closed)