[Bug 223626] security/vuxml: Document vulnerability in ffmpeg (CVE-2017-15186)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Nov 28 12:20:26 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223626
--- Comment #3 from Vladimir Krstulja <vlad-fbsd at acheronmedia.com> ---
Two new vulns should should be added to this entry:
* CVE-2017-15672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672
>From what I see, 3.3.5 (that was committed to 2017Q4 today, r454971) includes
the fix. Jan, can you confirm?
* http://git.videolan.org/?p=ffmpeg.git;a=log;h=refs/tags/n3.3.5
"avcodec/ffv1dec: Fix out of array read in slice counting"
* CVE-2017-16840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840
New one, affects 3.4 apparently, no upstream release yet.
I'll adjust the patch.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-multimedia
mailing list