File _patchinfo of Package patchinfo.11725

<patchinfo incident="11725">
  <issue tracker="bnc" id="1133123">LTO: ffmpeg-4 build fails</issue>
  <issue tracker="bnc" id="1149839">VUL-1: CVE-2019-15942: ffmpeg,ffmpeg-4: Conditional jump or move depends on uninitialised value" issue in h2645_parse</issue>
  <issue tracker="bnc" id="1133155">VUL-0: CVE-2019-11338: ffmpeg-4: libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly ha</issue>
  <issue tracker="bnc" id="1100345">VUL-0: CVE-2018-13305: ffmpeg: In FFmpeg 4.0.1, due to a missing check for negative values of the mqauntvariable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c maytrigger an out-of-array access while converting a crafted A</issue>
  <issue tracker="bnc" id="1133153">VUL-0: CVE-2019-11339: ffmpeg,ffmpeg-4: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified</issue>
  <issue tracker="cve" id="2017-17555"/>
  <issue tracker="cve" id="2019-11339"/>
  <issue tracker="cve" id="2018-13305"/>
  <issue tracker="cve" id="2019-15942"/>
  <issue tracker="cve" id="2019-11338"/>
  <packager>plater</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for ffmpeg-4</summary>
  <description>This update for ffmpeg-4 fixes the following issues:

ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153 

- CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c
  in FFmpeg 4.0 allowed remote attackers to cause a denial of service
  (out-of-array access) or possibly have unspecified. (bsc#1133153)
- For other changes see /usr/share/doc/packages/libavcodec58/Changelog

Update to version 4.2.1:

* Stable bug fix release, mainly codecs and format fixes.

- CVE-2019-15942: Conditional jump or move depends on uninitialised value" issue in h2645_parse (boo#1149839)

Update to FFmpeg 4.2 "Ada"

* tpad filter
* AV1 decoding support through libdav1d
* dedot filter
* chromashift and rgbashift filters
* freezedetect filter
* truehd_core bitstream filter
* dhav demuxer
* PCM-DVD encoder
* GIF parser
* vividas demuxer
* hymt decoder
* anlmdn filter
* maskfun filter
* hcom demuxer and decoder
* ARBC decoder
* libaribb24 based ARIB STD-B24 caption support (profiles A and C)
* Support decoding of HEVC 4:4:4 content in nvdec and cuviddec
* removed libndi-newtek
* agm decoder
* KUX demuxer
* AV1 frame split bitstream filter
* lscr decoder
* lagfun filter
* asoftclip filter
* Support decoding of HEVC 4:4:4 content in vdpau
* colorhold filter
* xmedian filter
* asr filter
* showspatial multimedia filter
* VP4 video decoder
* IFV demuxer
* derain filter
* deesser filter
* mov muxer writes tracks with unspecified language instead of English by default
* added support for using clang to compile CUDA kernels

- See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog.

Update to version 4.1.4

* See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog.

- Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen

Update to version 4.1.3:

* Updates and bug fixes for codecs, filters and formats.
  [boo#1133153, boo#1133155, CVE-2019-11338, CVE-2019-11339]

Update to version 4.1.2:

* Updates and bug fixes for codecs, filters and formats.

Update to version 4.1.1:

* Various filter and codec fixes and enhancements.
* configure: Add missing xlib dependency for VAAPI X11 code.
* For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog
* enable AV1 support on x86_64

Update ffmpeg to 4.1:

* Lots of filter updates as usual: deblock, tmix, aplify,
  fftdnoiz, aderivative, aintegral, pal75bars, pal100bars,
  adeclick, adeclip, lensfun (wrapper), colorconstancy, 1D LUT
  filter (lut1d), cue, acue, transpose_npp, amultiply,
  Block-Matching 3d (bm3d) denoising filter, acrossover filter,
  audio denoiser as afftdn filter, sinc audio filter source,
  chromahold, setparams, vibrance, xstack,
  (a)graphmonitor filter yadif_cuda filter.
* AV1 parser
* Support for AV1 in MP4
* PCM VIDC decoder and encoder
* libtensorflow backend for DNN based filters like srcnn
* -- The following only enabled in third-party builds:
* ATRAC9 decoder
* AVS2 video decoder via libdavs2
* IMM4 video decoder
* Brooktree ProSumer video decoder
* MatchWare Screen Capture Codec decoder
* WinCam Motion Video decoder
* RemotelyAnywhere Screen Capture decoder
* AVS2 video encoder via libxavs2
* ILBC decoder
* SER demuxer
* Decoding S12M timecode in H264
* For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1

Update ffmpeg to 4.0.3:

* For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3

- CVE-2018-13305: Added a missing check for negative values of mqaunt variable (boo#1100345).

</description>
</patchinfo>