File _patchinfo of Package patchinfo.8735

<patchinfo incident="8735">
  <packager>AndreasStieger</packager>
  <issue tracker="bnc" id="1092241">build ffmpeg using webvtt</issue>
  <issue tracker="bnc" id="1105869">VUL-1: CVE-2018-15822: ffmpeg: The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure.</issue>
  <issue tracker="bnc" id="1100348">VUL-1: CVE-2018-13300: ffmpeg: Improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function may trigger an out-of-array read</issue>
  <issue tracker="cve" id="2018-15822"></issue>
  <issue tracker="cve" id="2018-13300"></issue>
  <category>security</category>
  <rating>low</rating>
  <summary>Security update for ffmpeg-4</summary>
  <description>This update for ffmpeg-4 to version 4.0.2 fixes the following issues:

These security issues were fixed:

- CVE-2018-15822: The flv_write_packet function did not check for an empty
  audio packet, leading to an assertion failure and DoS (bsc#1105869).
- CVE-2018-13300: An improper argument passed to the avpriv_request_sample
  function may have triggered an out-of-array read while converting a crafted AVI
  file to MPEG4, leading to a denial of service and possibly an information
  disclosure (bsc#1100348).

These non-security issues were fixed:

- Enable webvtt encoders and decoders (boo#1092241).
- Build codec2 encoder and decoder, add libcodec2 to
  enable_decoders and enable_encoders.
- Enable mpeg 1 and 2 encoders.
</description>
</patchinfo>