Hello community, here is the log from the commit of package ffmpeg for openSUSE:Factory checked in at 2017-07-23 12:13:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg (Old) and /work/SRC/openSUSE:Factory/.ffmpeg.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ffmpeg" Sun Jul 23 12:13:11 2017 rev:30 rq:511228 version:3.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg/ffmpeg.changes 2017-07-02 13:37:05.464259837 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg.new/ffmpeg.changes 2017-07-23 12:13:34.826689709 +0200 @@ -1,0 +2,6 @@ +Tue Jul 18 08:47:03 UTC 2017 - jengelh@inai.de + +- Add 0001-avcodec-apedec-Fix-integer-overflow.patch + to address CVE-2017-11399 [boo#1049095] + +------------------------------------------------------------------- New: ---- 0001-avcodec-apedec-Fix-integer-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg.spec ++++++ --- /var/tmp/diff_new_pack.uEBKc8/_old 2017-07-23 12:13:35.570584628 +0200 +++ /var/tmp/diff_new_pack.uEBKc8/_new 2017-07-23 12:13:35.570584628 +0200 @@ -59,6 +59,7 @@ Patch3: ffmpeg-pkgconfig-version.patch Patch4: ffmpeg-new-coder-errors.diff Patch5: ffmpeg-codec-choice.diff +Patch6: 0001-avcodec-apedec-Fix-integer-overflow.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: pkg-config @@ -420,7 +421,7 @@ %prep %setup -q -%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1 %build perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c ++++++ 0001-avcodec-apedec-Fix-integer-overflow.patch ++++++
From ba4beaf6149f7241c8bd85fe853318c2f6837ad0 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sun, 16 Jul 2017 14:57:20 +0200
Subject: [PATCH] avcodec/apedec: Fix integer overflow
Fixes: out of array access
Fixes: PoC.ape and others
Found-by: Bingchang, Liu@VARAS of IIE
Signed-off-by: Michael Niedermayer
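Review bot: The new `Patch6:` line in the ffmpeg.spec hunk at `@@ -59,6 +59,7 @@` has no comment tying it to CVE-2017-11399, so the spec on its own does not tell a later maintainer that this is a security backport (commit ba4beaf6149f7241c8bd85fe853318c2f6837ad0 per the patch header) that can be dropped once the package moves past 3.3.2. Suggest a one-line comment above it naming the CVE and boo#1049095, as the .changes entry already does. The file also keeps the `0001-` git format-patch prefix while Patch3 to Patch5 use an `ffmpeg-` prefix; renaming it would keep the patch list consistent.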
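Review bot: In the `%prep` hunk at `@@ -420,7 +421,7 @@`, the `%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1` line has to be extended by hand each time a `PatchN:` tag is added, and a forgotten number would leave the package building without the fix applied. Consider `%autosetup -p1`, or `%autopatch -p1` after `%setup -q`, so every declared patch is applied without a second list to keep in sync.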