[Bug 223626] security/vuxml: Document vulnerability in ffmpeg (CVE-2017-15186)

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Nov 28 12:20:26 UTC 2017


--- Comment #3 from Vladimir Krstulja <vlad-fbsd at acheronmedia.com> ---
Two new vulns should should be added to this entry:

* CVE-2017-15672

>From what I see, 3.3.5 (that was committed to 2017Q4 today, r454971) includes
the fix. Jan, can you confirm?

* http://git.videolan.org/?p=ffmpeg.git;a=log;h=refs/tags/n3.3.5

  "avcodec/ffv1dec: Fix out of array read in slice counting"

* CVE-2017-16840

New one, affects 3.4 apparently, no upstream release yet.

I'll adjust the patch.

You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-multimedia mailing list