{"affected":[{"ecosystem_specific":{"binaries":[{"ffmpeg":"3.4.2-14.1","libavcodec-devel":"3.4.2-14.1","libavcodec57":"3.4.2-14.1","libavdevice-devel":"3.4.2-14.1","libavdevice57":"3.4.2-14.1","libavfilter-devel":"3.4.2-14.1","libavfilter6":"3.4.2-14.1","libavformat-devel":"3.4.2-14.1","libavformat57":"3.4.2-14.1","libavresample-devel":"3.4.2-14.1","libavresample3":"3.4.2-14.1","libavutil-devel":"3.4.2-14.1","libavutil55":"3.4.2-14.1","libpostproc-devel":"3.4.2-14.1","libpostproc54":"3.4.2-14.1","libswresample-devel":"3.4.2-14.1","libswresample2":"3.4.2-14.1","libswscale-devel":"3.4.2-14.1","libswscale4":"3.4.2-14.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ffmpeg fixes the following issues:\n\nUpdated ffmpeg to new bugfix release 3.4.2\n\n  * Fix integer overflows, multiplication overflows, undefined\n    shifts, and verify buffer lengths.\n  * avfilter/vf_transpose: Fix used plane count\n    [boo#1078488, CVE-2018-6392]\n  * avcodec/utvideodec: Fix bytes left check in decode_frame()\n    [boo#1079368, CVE-2018-6621] \n- Enable use of libzvbi for displaying teletext subtitles.\n- Fixed a DoS in swri_audio_convert() [boo#1072366, CVE-2017-17555].\n\nUpdate to new bugfix release 3.4.1\n\n  * Fixed integer overflows, division by zero, illegal bit shifts\n  * Fixed the gmc_mmx function which failed to validate width\n    and height [boo#1070762, CVE-2017-17081]\n  * Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840]\n  * ffplay: use SDL2 audio API\n\n- install also doc/ffserver.conf\n\n- Update to new upstream release 3.4\n\n  * New video filters: deflicker, doublewave, lumakey, pixscope,\n    oscilloscope, robterts, limiter, libvmaf, unpremultiply,\n    tlut2, floodifll, pseudocolor, despill, convolve, vmafmotion.\n  * New audio filters: afir, crossfeed, surround, headphone,\n    superequalizer, haas.\n  * Some video filters with several inputs now use a common set\n    of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They\n    must always be used by name.\n  * librsvg support for svg rasterization\n  * spec-compliant VP9 muxing support in MP4\n  * Remove the libnut and libschroedinger muxer/demuxer wrappers\n  * drop deprecated qtkit input device (use avfoundation instead)\n  * SUP/PGS subtitle muxer\n  * VP9 tile threading support\n  * KMS screen grabber\n  * CUDA thumbnail filter\n  * V4L2 mem2mem HW assisted codecs\n  * Rockchip MPP hardware decoding\n  * (Not in openSUSE builds, only original ones:)\n  * Gremlin Digital Video demuxer and decoder\n  * Additional frame format support for Interplay MVE movies\n  * Dolby E decoder and SMPTE 337M demuxer\n  * raw G.726 muxer and demuxer, left- and right-justified\n  * NewTek NDI input/output device\n  * FITS demuxer, muxer, decoder and encoder\n- Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186]\n- Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]\n","id":"openSUSE-SU-2018:0476-1","modified":"2018-02-19T09:08:21Z","published":"2018-02-19T09:08:21Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1064577"},{"type":"REPORT","url":"https://bugzilla.suse.com/1066428"},{"type":"REPORT","url":"https://bugzilla.suse.com/1069407"},{"type":"REPORT","url":"https://bugzilla.suse.com/1070762"},{"type":"REPORT","url":"https://bugzilla.suse.com/1072366"},{"type":"REPORT","url":"https://bugzilla.suse.com/1078488"},{"type":"REPORT","url":"https://bugzilla.suse.com/1079368"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15672"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17081"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17555"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6392"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6621"}],"related":["CVE-2017-15186","CVE-2017-15672","CVE-2017-16840","CVE-2017-17081","CVE-2017-17555","CVE-2018-6392","CVE-2018-6621"],"summary":"Security update for ffmpeg","upstream":["CVE-2017-15186","CVE-2017-15672","CVE-2017-16840","CVE-2017-17081","CVE-2017-17555","CVE-2018-6392","CVE-2018-6621"]}