CLD-34 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) |
ffmpeg |
Deficiency Type |
SECURITY |
Date Created |
2017-09-18 10:19:43 |
Date Last Modified |
2017-09-18 10:49:43 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in ffmpeg-3.3.4-i686-1 |
Cucumber 1.0 x86_64 | fixed in ffmpeg-3.3.4-x86_64-1 and ffmpeg-lib_i686-3.3.4-lib_i686-1 |
Cucumber 1.1 i686 |
fixed in ffmpeg-3.3.4-i686-1 |
Cucumber 1.1 x86_64 |
fixed in ffmpeg-3.3.4-x86_64-1 and ffmpeg-lib_i686-3.3.4-lib_i686-1 |
Details:
This CLD covers the following CVE IDs:
CVE-2017-14054 (https://nvd.nist.gov/vuln/detail/CVE-2017-14054)
CVE-2017-14055 (https://nvd.nist.gov/vuln/detail/CVE-2017-14055)
CVE-2017-14056 (https://nvd.nist.gov/vuln/detail/CVE-2017-14056)
CVE-2017-14057 (https://nvd.nist.gov/vuln/detail/CVE-2017-14057)
CVE-2017-14058 (https://nvd.nist.gov/vuln/detail/CVE-2017-14058)
CVE-2017-14059 (https://nvd.nist.gov/vuln/detail/CVE-2017-14059)
CVE-2017-14169 (https://nvd.nist.gov/vuln/detail/CVE-2017-14169)
CVE-2017-14170 (https://nvd.nist.gov/vuln/detail/CVE-2017-14170)
CVE-2017-14171 (https://nvd.nist.gov/vuln/detail/CVE-2017-14171)
CVE-2017-14222 (https://nvd.nist.gov/vuln/detail/CVE-2017-14222)
CVE-2017-14223 (https://nvd.nist.gov/vuln/detail/CVE-2017-14223)
CVE-2017-14225 (https://nvd.nist.gov/vuln/detail/CVE-2017-14225)
All of these have been fixed upstream in ffmpeg 3.3.4, so the Arch Linux
security team says (https://security.archlinux.org/AVG-400). This has been
confirmed by the ffmpeg developers at https://ffmpeg.org/security.html.
Unfortunately, the upstream developers have released no details about the
technical workings of these vulnerabilities, so it is not possible for us to
disclose any more information than this at this time.