From owner-svn-ports-all@freebsd.org  Wed Dec  2 23:10:52 2015
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 42F66A3FF8E;
 Wed,  2 Dec 2015 23:10:52 +0000 (UTC)
 (envelope-from jbeich@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F2CDE13DE;
 Wed,  2 Dec 2015 23:10:51 +0000 (UTC)
 (envelope-from jbeich@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tB2NApnn059755;
 Wed, 2 Dec 2015 23:10:51 GMT (envelope-from jbeich@FreeBSD.org)
Received: (from jbeich@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id tB2NAofZ059753;
 Wed, 2 Dec 2015 23:10:50 GMT (envelope-from jbeich@FreeBSD.org)
Message-Id: <201512022310.tB2NAofZ059753@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jbeich set sender to
 jbeich@FreeBSD.org using -f
From: Jan Beich <jbeich@FreeBSD.org>
Date: Wed, 2 Dec 2015 23:10:50 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r402864 - head/security/vuxml
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 23:10:52 -0000

Author: jbeich
Date: Wed Dec  2 23:10:50 2015
New Revision: 402864
URL: https://svnweb.freebsd.org/changeset/ports/402864

Log:
  Document recent ffmpeg vulnerabilities
  
  While here, restore a header line accidentally removed in r402855.

Modified:
  head/security/vuxml/vuln.xml   (contents, props changed)

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Dec  2 22:51:48 2015	(r402863)
+++ head/security/vuxml/vuln.xml	Wed Dec  2 23:10:50 2015	(r402864)
@@ -1,3 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd">
 <!--
 Copyright 2003-2014 Jacques Vidrine and contributors
@@ -57,6 +58,176 @@ Notes:
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="b0da85af-21a3-4c15-a137-fe9e4bc86002">
+    <topic>ffmpeg -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>libav</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>gstreamer-ffmpeg</name>
+	<!-- gst-ffmpeg-0.10.13 has libav-0.7.2 (0.7.7 in freebsd port) -->
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>handbrake</name>
+	<!-- handbrake-0.10.2 has libav-10.1 -->
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>ffmpeg</name>
+	<range><lt>2.8.3,1</lt></range>
+      </package>
+      <package>
+	<name>ffmpeg26</name>
+	<range><lt>2.6.5</lt></range>
+      </package>
+      <package>
+	<name>ffmpeg-devel</name>
+	<name>ffmpeg25</name>
+	<name>ffmpeg24</name>
+	<name>ffmpeg23</name>
+	<name>ffmpeg2</name>
+	<name>ffmpeg1</name>
+	<name>ffmpeg-011</name>
+	<name>ffmpeg0</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>avidemux</name>
+	<name>avidemux2</name>
+	<name>avidemux26</name>
+	<!-- avidemux-2.6.10 has ffmpeg-2.6.1 -->
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>kodi</name>
+	<!-- kodi-15.2 has ffmpeg-2.6.4 -->
+	<range><lt>16.0</lt></range>
+      </package>
+      <package>
+	<name>mplayer</name>
+	<name>mencoder</name>
+	<!-- mplayer-1.1.r20150822_6 has ffmpeg-2.8.2 -->
+	<range><lt>1.1.r20150822_7</lt></range>
+      </package>
+      <package>
+	<name>mythtv</name>
+	<name>mythtv-frontend</name>
+	<!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>plexhometheater</name>
+	<!-- plexhometheater-1.4.1 has ffmpeg-0.10.2 fork -->
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>NVD reports:</p>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6761">
+	  <p>The update_dimensions function in libavcodec/vp8.c in
+	    FFmpeg through 2.8.1, as used in Google Chrome before
+	    46.0.2490.71 and other products, relies on a
+	    coefficient-partition count during multi-threaded operation,
+	    which allows remote attackers to cause a denial of service
+	    (race condition and memory corruption) or possibly have
+	    unspecified other impact via a crafted WebM file.</p>
+	</blockquote>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8216">
+	  <p>The ljpeg_decode_yuv_scan function in
+	    libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain
+	    width and height checks, which allows remote attackers to
+	    cause a denial of service (out-of-bounds array access) or
+	    possibly have unspecified other impact via crafted MJPEG
+	    data.</p>
+	</blockquote>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8217">
+	  <p>The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in
+	    FFmpeg before 2.8.2 does not validate the Chroma Format
+	    Indicator, which allows remote attackers to cause a denial
+	    of service (out-of-bounds array access) or possibly have
+	    unspecified other impact via crafted High Efficiency Video
+	    Coding (HEVC) data.</p>
+	</blockquote>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8218">
+	  <p>The decode_uncompressed function in libavcodec/faxcompr.c
+	    in FFmpeg before 2.8.2 does not validate uncompressed runs,
+	    which allows remote attackers to cause a denial of service
+	    (out-of-bounds array access) or possibly have unspecified
+	    other impact via crafted CCITT FAX data.</p>
+	</blockquote>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8219">
+	  <p>The init_tile function in libavcodec/jpeg2000dec.c in
+	    FFmpeg before 2.8.2 does not enforce minimum-value and
+	    maximum-value constraints on tile coordinates, which allows
+	    remote attackers to cause a denial of service (out-of-bounds
+	    array access) or possibly have unspecified other impact via
+	    crafted JPEG 2000 data.</p>
+	</blockquote>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8363">
+	  <p>The jpeg2000_read_main_headers function in
+	    libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x
+	    before 2.7.3, and 2.8.x through 2.8.2 does not enforce
+	    uniqueness of the SIZ marker in a JPEG 2000 image, which
+	    allows remote attackers to cause a denial of service
+	    (out-of-bounds heap-memory access) or possibly have
+	    unspecified other impact via a crafted image with two or
+	    more of these markers.</p>
+	</blockquote>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8364">
+	  <p>Integer overflow in the ff_ivi_init_planes function in
+	    libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3,
+	    and 2.8.x through 2.8.2 allows remote attackers to cause a
+	    denial of service (out-of-bounds heap-memory access) or
+	    possibly have unspecified other impact via crafted image
+	    dimensions in Indeo Video Interactive data.</p>
+	</blockquote>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8365">
+	  <p>The smka_decode_frame function in libavcodec/smacker.c in
+	    FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through
+	    2.8.2 does not verify that the data size is consistent with
+	    the number of channels, which allows remote attackers to
+	    cause a denial of service (out-of-bounds array access) or
+	    possibly have unspecified other impact via crafted Smacker
+	    data.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-6761</cvename>
+      <cvename>CVE-2015-8216</cvename>
+      <cvename>CVE-2015-8217</cvename>
+      <cvename>CVE-2015-8218</cvename>
+      <cvename>CVE-2015-8219</cvename>
+      <cvename>CVE-2015-8363</cvename>
+      <cvename>CVE-2015-8364</cvename>
+      <cvename>CVE-2015-8365</cvename>
+      <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c</url>
+      <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d24888ef19ba38b787b11d1ee091a3d94920c76a</url>
+      <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=93f30f825c08477fe8f76be00539e96014cc83c8</url>
+      <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46</url>
+      <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43492ff3ab68a343c1264801baa1d5a02de10167</url>
+      <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2</url>
+      <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066</url>
+      <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a9af07a49295e014b059c1ab624c40345af5892</url>
+      <url>https://ffmpeg.org/security.html</url>
+    </references>
+    <dates>
+      <discovery>2015-11-27</discovery>
+      <entry>2015-12-02</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="548f74bd-993c-11e5-956b-00262d5ed8ee">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>