CLD-34 Details

Other IDs this deficiency may be known by:

CVE ID None
Other ID(s)

Basic Information:

Affected Package(s) ffmpeg
Deficiency Type SECURITY
Date Created 2017-09-18 10:19:43
Date Last Modified 2017-09-18 10:49:43

Version Specific Information:

Cucumber 1.0 i686fixed in ffmpeg-3.3.4-i686-1
Cucumber 1.0 x86_64fixed in ffmpeg-3.3.4-x86_64-1 and ffmpeg-lib_i686-3.3.4-lib_i686-1

Cucumber 1.1 i686 fixed in ffmpeg-3.3.4-i686-1
Cucumber 1.1 x86_64 fixed in ffmpeg-3.3.4-x86_64-1 and ffmpeg-lib_i686-3.3.4-lib_i686-1

Details:

This CLD covers the following CVE IDs:
CVE-2017-14054 (https://nvd.nist.gov/vuln/detail/CVE-2017-14054)
CVE-2017-14055 (https://nvd.nist.gov/vuln/detail/CVE-2017-14055)
CVE-2017-14056 (https://nvd.nist.gov/vuln/detail/CVE-2017-14056)
CVE-2017-14057 (https://nvd.nist.gov/vuln/detail/CVE-2017-14057)
CVE-2017-14058 (https://nvd.nist.gov/vuln/detail/CVE-2017-14058)
CVE-2017-14059 (https://nvd.nist.gov/vuln/detail/CVE-2017-14059)
CVE-2017-14169 (https://nvd.nist.gov/vuln/detail/CVE-2017-14169)
CVE-2017-14170 (https://nvd.nist.gov/vuln/detail/CVE-2017-14170)
CVE-2017-14171 (https://nvd.nist.gov/vuln/detail/CVE-2017-14171)
CVE-2017-14222 (https://nvd.nist.gov/vuln/detail/CVE-2017-14222)
CVE-2017-14223 (https://nvd.nist.gov/vuln/detail/CVE-2017-14223)
CVE-2017-14225 (https://nvd.nist.gov/vuln/detail/CVE-2017-14225)

All of these have been fixed upstream in ffmpeg 3.3.4, so the Arch Linux
security team says (https://security.archlinux.org/AVG-400). This has been
confirmed by the ffmpeg developers at https://ffmpeg.org/security.html.

Unfortunately, the upstream developers have released no details about the
technical workings of these vulnerabilities, so it is not possible for us to
disclose any more information than this at this time.