[v3.0] ffmpeg: vulnerability in lzo implementation (CVE-2014-4609 CVE-2014-4610)
A vulnerability has been identified in the FFmpeg LZO implementation.
This has been fixed in new releases: 2.2.4, 2.1.5, 2.0.5, 1.2.7, 1.1.12, 0.10.14. They also fix serveral other bugs.
ffmpeg in Alpine Linux should be upgraded.
References:
http://www.openwall.com/lists/oss-security/2014/06/26/23
https://www.ffmpeg.org/ (News of June 29, 2014, FFmpeg 2.2.4, 2.1.5,
2.0.5, 1.2.7, 1.1.12, 0.10.14)
https://www.ffmpeg.org/security.html
(from redmine: issue id 3123, created on 2014-07-02, closed on 2014-07-17)
- Relations:
- parent #3119 (closed)
- Changesets:
- Revision e980dbf9 by Natanael Copa on 2014-07-16T10:36:18Z:
main/ffmpeg: security upgrade to 2.2.5 (CVE-2014-4609,CVE-2014-4610)
fixes #3123