Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[stable/17.09] ffmpeg: 3.3.4 -> 3.3.5 (CVE-2017-15186) #31915

Merged
merged 1 commit into from Nov 22, 2017

Conversation

andir
Copy link
Member

@andir andir commented Nov 21, 2017

Motivation for this change

Potential (remote) DOS with crafted AVI files in ffmpeg <= 3.3.4.

More details at [1].

[1] http://www.openwall.com/lists/oss-security/2017/10/20/4

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@vcunat vcunat self-assigned this Nov 22, 2017
@vcunat vcunat added 1.severity: security 8.has: port to stable A PR already has a backport to the stable release. labels Nov 22, 2017
@vcunat vcunat merged commit 0944768 into NixOS:release-17.09 Nov 22, 2017
vcunat added a commit that referenced this pull request Nov 22, 2017
Master is on 3.4.x already.
@andir andir deleted the ffmpeg-stable-3.3.5 branch November 22, 2017 01:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants