Hello community,

here is the log from the commit of package ffmpeg-4 for openSUSE:Factory 
checked in at 2024-05-09 12:07:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old)
 and      /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1880 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ffmpeg-4"

Thu May  9 12:07:27 2024 rev:67 rq:1172481 version:4.4.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes        2024-04-29 
17:57:29.749515237 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1880/ffmpeg-4.changes      
2024-05-09 12:07:34.585227530 +0200
@@ -1,0 +2,7 @@
+Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add ffmpeg-CVE-2023-50010.patch:
+  Backporting e4d2666b from upstream, fixes the out of array access.
+  (CVE-2023-50010 bsc#1223256)
+
+-------------------------------------------------------------------
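
Review bot: The bug reference on the "(CVE-2023-50010 bsc#1223256)" line does not match the patch file's own header, which carries "References: https://bugzilla.opensuse.org/1172424"; one of the two should be corrected so the CVE can be traced to a single bug. The date line also reads "Tue Apr 27 ... 2024", but 27 April 2024 was a Saturday, so the weekday or the day of month is wrong and should be fixed before it trips changelog date checks.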

New:
----
  ffmpeg-CVE-2023-50010.patch


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ffmpeg-4.spec ++++++
--- /var/tmp/diff_new_pack.AYt3ZI/_old  2024-05-09 12:07:36.193285973 +0200
+++ /var/tmp/diff_new_pack.AYt3ZI/_new  2024-05-09 12:07:36.197286118 +0200
@@ -130,6 +130,7 @@
 Patch17:        ffmpeg-CVE-2023-49502.patch
 Patch18:        ffmpeg-CVE-2023-51793.patch
 Patch19:        0001-avfilter-af_stereowiden-Check-length.patch
+Patch20:        ffmpeg-CVE-2023-50010.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel
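
Review bot: Only the "Patch20:" declaration is visible here, and this diff contains no change to the %prep section. Please confirm the spec applies patches automatically (for example through %autosetup or %autopatch); if it uses explicit %patch lines, a matching entry for Patch20 is missing and the CVE-2023-50010 fix would be packaged but never applied.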



++++++ ffmpeg-CVE-2023-50010.patch ++++++
commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a 
(20231224_CVE-2023-50010_e4d2666bdc3dbd177a81bbf428654a5f2fa3787a)
Author: Michael Niedermayer <mich...@niedermayer.cc>
Date: Sun Dec 24 20:50:51 2023 +0100
References: CVE-2023-50010
References: https://bugzilla.opensuse.org/1172424

avfilter/vf_gradfun: Do not overread last line

The code works in steps of 2 lines and lacks support for odd height
Implementing odd height support is better but for now this fixes the
out of array access

Fixes: out of array access
Fixes: tickets/10702/poc6ffmpe

Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

diff -Nura ffmpeg-4.4.4/libavfilter/vf_gradfun.c 
ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c
--- ffmpeg-4.4.4/libavfilter/vf_gradfun.c       2023-04-13 02:01:50.000000000 
+0800
+++ ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c   2024-05-07 19:32:05.287848683 
+0800
@@ -93,7 +93,7 @@
     for (y = 0; y < r; y++)
         ctx->blur_line(dc, buf + y * bstride, buf + (y - 1) * bstride, src + 2 
* y * src_linesize, src_linesize, width / 2);
     for (;;) {
-        if (y < height - r) {
+        if (y + 1 < height - r) {
             int mod = ((y + r) / 2) % r;
             uint16_t *buf0 = buf + mod * bstride;
             uint16_t *buf1 = buf + (mod ? mod - 1 : r - 1) * bstride;
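
Review bot: The changed guard "if (y + 1 < height - r) {" has no comment explaining why the "+ 1" is needed, so a later cleanup could easily revert it to the over-reading form. A one-line comment stating that the loop body consumes two source lines per iteration (as the commit message says) would document the invariant. Since the commit message describes this as a stopgap until odd height is supported, it would also help to add a regression case with an odd-height input so the bounds check stays covered when that follow-up lands.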
