CLD-34 Details

Other IDs this deficiency may be known by:

CVE ID None
Other ID(s)

Basic Information:

Affected Package(s) ffmpeg
Deficiency Type SECURITY
Date Created 2017-09-18 10:19:43
Date Last Modified 2017-09-18 10:49:43

Version Specific Information:

Cucumber 1.0 i686 fixed in ffmpeg-3.3.4-i686-1
Cucumber 1.0 x86_64 fixed in ffmpeg-3.3.4-x86_64-1 and ffmpeg-lib_i686-3.3.4-lib_i686-1

Cucumber 1.1 i686 fixed in ffmpeg-3.3.4-i686-1
Cucumber 1.1 x86_64 fixed in ffmpeg-3.3.4-x86_64-1 and ffmpeg-lib_i686-3.3.4-lib_i686-1

Details:

This CLD covers the following CVE IDs:
CVE-2017-14054 (https://nvd.nist.gov/vuln/detail/CVE-2017-14054)
CVE-2017-14055 (https://nvd.nist.gov/vuln/detail/CVE-2017-14055)
CVE-2017-14056 (https://nvd.nist.gov/vuln/detail/CVE-2017-14056)
CVE-2017-14057 (https://nvd.nist.gov/vuln/detail/CVE-2017-14057)
CVE-2017-14058 (https://nvd.nist.gov/vuln/detail/CVE-2017-14058)
CVE-2017-14059 (https://nvd.nist.gov/vuln/detail/CVE-2017-14059)
CVE-2017-14169 (https://nvd.nist.gov/vuln/detail/CVE-2017-14169)
CVE-2017-14170 (https://nvd.nist.gov/vuln/detail/CVE-2017-14170)
CVE-2017-14171 (https://nvd.nist.gov/vuln/detail/CVE-2017-14171)
CVE-2017-14222 (https://nvd.nist.gov/vuln/detail/CVE-2017-14222)
CVE-2017-14223 (https://nvd.nist.gov/vuln/detail/CVE-2017-14223)
CVE-2017-14225 (https://nvd.nist.gov/vuln/detail/CVE-2017-14225)

All of these have been fixed upstream in ffmpeg 3.3.4, so the Arch Linux
security team says (https://security.archlinux.org/AVG-400).

Unfortunately, the upstream developers have released no details about these
vulnerabilities or their patches whatsoever, so it is not possible for us to
disclose any more information than this at this time.