File _patchinfo of Package patchinfo.35550

<patchinfo incident="35550">
  <issue tracker="cve" id="2023-48368"/>
  <issue tracker="cve" id="2023-47169"/>
  <issue tracker="cve" id="2023-47282"/>
  <issue tracker="cve" id="2023-22656"/>
  <issue tracker="cve" id="2023-45221"/>
  <issue tracker="cve" id="2024-7055"/>
  <issue tracker="bnc" id="1226898">VUL-0: CVE-2023-45221: libmfx: improper buffer restrictions</issue>
  <issue tracker="bnc" id="1226901">VUL-0: CVE-2023-47169: libmfx: improper buffer restrictions</issue>
  <issue tracker="bnc" id="1226899">VUL-0: CVE-2023-22656: libmfx: out-of-bounds read</issue>
  <issue tracker="bnc" id="1226892">L3: L3-Question: Multiple vulnerabilities in the Intel Media SDK (libmfx1) &#8212; ref:_00D1igLOd._500TrCexKD:ref</issue>
  <issue tracker="bnc" id="1226897">VUL-0: CVE-2023-48368: libmfx: improper input validation</issue>
  <issue tracker="bnc" id="1226900">VUL-0: CVE-2023-47282: libmfx: out-of-bounds write</issue>
  <issue tracker="bnc" id="1229026">VUL-0: CVE-2024-7055: ffmpeg,ffmpeg-4: heap-based buffer overflow in pnmdec.c</issue>
  <issue tracker="jsc" id="PED-10024"/>
  <packager>qzhao</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ffmpeg-4</summary>
  <description>This update for ffmpeg-4 fixes the following issues:

- Dropped support for libmfx to fix the following CVEs:
  * libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
  * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
  * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
  * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
  * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
- CVE-2024-7055: heap-based buffer overflow in pnmdec.c from the libavcodec library. (bsc#1229026)
</description>
</patchinfo>