Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201310-12 ] FFmpeg: Multiple vulnerabilities
Date: Fri, 25 Oct 2013 19:10:42
Message-Id: 526AC1C4.4000802@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201310-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: FFmpeg: Multiple vulnerabilities
     Date: October 25, 2013
     Bugs: #285719, #307755, #339036, #352481, #365273, #378801,
           #382301, #384095, #385511, #389807, #391421, #397893,
           #401069, #411369, #420305, #433772, #439054, #454420,
           #465496, #473302, #473790, #476218, #482136
       ID: 201310-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in FFmpeg, the worst of which might
enable remote attackers to cause user-assisted execution of arbitrary
code.

Background
==========

FFmpeg is a complete solution to record, convert and stream audio and
video.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-video/ffmpeg           < 1.0.7                    >= 1.0.7

Description
===========

Multiple vulnerabilities have been discovered in FFmpeg. Please review
the CVE identifiers and FFmpeg changelogs referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted media
file, possibly leading to the execution of arbitrary code with the
privileges of the user running the application or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FFmpeg users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-1.0.7"

References
==========

[ 1 ] CVE-2009-4631
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4631
[ 2 ] CVE-2009-4632
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4632
[ 3 ] CVE-2009-4633
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4633
[ 4 ] CVE-2009-4634
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4634
[ 5 ] CVE-2009-4635
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4635
[ 6 ] CVE-2009-4636
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4636
[ 7 ] CVE-2009-4637
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4637
[ 8 ] CVE-2009-4638
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4638
[ 9 ] CVE-2009-4639
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4639
[ 10 ] CVE-2009-4640
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4640
[ 11 ] CVE-2010-3429
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3429
[ 12 ] CVE-2010-3908
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3908
[ 13 ] CVE-2010-4704
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704
[ 14 ] CVE-2010-4704
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704
[ 15 ] CVE-2010-4705
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4705
[ 16 ] CVE-2011-1931
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1931
[ 17 ] CVE-2011-3362
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3362
[ 18 ] CVE-2011-3893
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3893
[ 19 ] CVE-2011-3895
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3895
[ 20 ] CVE-2011-3929
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3929
[ 21 ] CVE-2011-3934
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3934
[ 22 ] CVE-2011-3935
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3935
[ 23 ] CVE-2011-3936
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3936
[ 24 ] CVE-2011-3937
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3937
[ 25 ] CVE-2011-3940
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3940
[ 26 ] CVE-2011-3941
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3941
[ 27 ] CVE-2011-3944
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3944
[ 28 ] CVE-2011-3945
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3945
[ 29 ] CVE-2011-3946
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3946
[ 30 ] CVE-2011-3947
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3947
[ 31 ] CVE-2011-3949
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3949
[ 32 ] CVE-2011-3950
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3950
[ 33 ] CVE-2011-3951
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3951
[ 34 ] CVE-2011-3952
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3952
[ 35 ] CVE-2011-3973
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3973
[ 36 ] CVE-2011-3974
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3974
[ 37 ] CVE-2011-4351
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4351
[ 38 ] CVE-2011-4352
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4352
[ 39 ] CVE-2011-4353
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4353
[ 40 ] CVE-2011-4364
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4364
[ 41 ] CVE-2012-0947
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0947
[ 42 ] CVE-2012-2771
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2771
[ 43 ] CVE-2012-2772
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772
[ 44 ] CVE-2012-2773
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2773
[ 45 ] CVE-2012-2774
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2774
[ 46 ] CVE-2012-2775
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775
[ 47 ] CVE-2012-2776
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776
[ 48 ] CVE-2012-2777
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777
[ 49 ] CVE-2012-2778
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2778
[ 50 ] CVE-2012-2779
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779
[ 51 ] CVE-2012-2780
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2780
[ 52 ] CVE-2012-2781
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2781
[ 53 ] CVE-2012-2782
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2782
[ 54 ] CVE-2012-2783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783
[ 55 ] CVE-2012-2784
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784
[ 56 ] CVE-2012-2785
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2785
[ 57 ] CVE-2012-2786
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786
[ 58 ] CVE-2012-2787
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787
[ 59 ] CVE-2012-2788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788
[ 60 ] CVE-2012-2789
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789
[ 61 ] CVE-2012-2790
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790
[ 62 ] CVE-2012-2791
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791
[ 63 ] CVE-2012-2792
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2792
[ 64 ] CVE-2012-2793
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793
[ 65 ] CVE-2012-2794
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794
[ 66 ] CVE-2012-2795
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2795
[ 67 ] CVE-2012-2796
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796
[ 68 ] CVE-2012-2797
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797
[ 69 ] CVE-2012-2798
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798
[ 70 ] CVE-2012-2799
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2799
[ 71 ] CVE-2012-2800
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800
[ 72 ] CVE-2012-2801
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801
[ 73 ] CVE-2012-2802
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802
[ 74 ] CVE-2012-2803
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803
[ 75 ] CVE-2012-2804
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804
[ 76 ] CVE-2012-2805
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2805
[ 77 ] CVE-2013-3670
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3670
[ 78 ] CVE-2013-3671
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3671
[ 79 ] CVE-2013-3672
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3672
[ 80 ] CVE-2013-3673
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3673
[ 81 ] CVE-2013-3674
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3674
[ 82 ] CVE-2013-3675
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3675
[ 83 ] FFmpeg 0.10.x Changelog
       http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10
[ 84 ] FFmpeg 1.0.x Changelog
       http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0
[ 85 ] NGS Secure Research NGS00068
       http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html
[ 86 ] Secunia Advisory SA36760
       http://secunia.com/advisories/36760/
[ 87 ] Secunia Advisory SA46134
       https://secunia.com/advisories/46134/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201310-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
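
A check for the "Affected packages" range and the "Resolution" step above, added here as an example (it is not part of the GLSA or of Gentoo's tooling): it classifies media-video/ffmpeg versions against the fixed version 1.0.7. The function names and the package list are constructed; the script assumes GNU `sort -V` and plain dotted versions with an optional `-rN` revision, and does not implement full Portage version comparison.

```shell
#!/bin/sh
# Added example: classify media-video/ffmpeg versions against GLSA 201310-12.
# Range from the advisory: vulnerable < 1.0.7, unaffected >= 1.0.7.
FIXED_VERSION="1.0.7"

# ffmpeg_glsa_status VERSION -> prints vulnerable | unaffected | unknown.
# Assumption: dotted numeric version, optionally followed by -rN.
ffmpeg_glsa_status() {
    ver=${1%-r[0-9]*}                 # a revision never crosses the 1.0.7 boundary
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # _rc, _p, letters: not handled here
    esac
    # Version-aware ordering: 0.10.8 < 1.0.7 < 1.0.10, which a plain
    # string comparison gets wrong.
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$ver" != "$FIXED_VERSION" ] && [ "$lowest" = "$ver" ]; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# audit_ffmpeg: read category/package-version atoms on stdin, one per line,
# and report the status of every media-video/ffmpeg entry.
audit_ffmpeg() {
    while IFS= read -r atom; do
        case "$atom" in
            media-video/ffmpeg-[0-9]*)
                printf '%s %s\n' "$atom" \
                    "$(ffmpeg_glsa_status "${atom#media-video/ffmpeg-}")" ;;
        esac
    done
}

# Constructed sample input, shaped like the output of `qlist -Iv`
# (app-portage/portage-utils); not taken from a real system.
sample_installed() {
    printf '%s\n' \
        "media-video/ffmpeg-0.10.8" \
        "media-video/ffmpeg-1.0.6-r2" \
        "media-video/ffmpeg-1.0.7" \
        "media-video/ffmpeg-1.0.10" \
        "media-video/mplayer-1.1"
}

sample_installed | audit_ffmpeg
```

On a Gentoo host the same function can read real data with `qlist -Iv media-video/ffmpeg | audit_ffmpeg`; any line reported as vulnerable calls for the `emerge` upgrade given in the Resolution section.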
