{"update": {"autokarma": true, "autotime": true, "stable_karma": 2, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Backport fix for CVE-2023-49528 and backport fixes for compatibility with Mesa 24.0.6+ / 24.1.4+ for VA-API", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "reboot", "locked": false, "pushed": true, "critpath": true, "critpath_groups": "critical-path-anaconda critical-path-apps critical-path-deepin-desktop critical-path-kde", "close_bugs": true, "date_submitted": "2024-07-20 14:16:42", "date_modified": "2024-07-20 14:17:17", "date_approved": "2024-07-20 23:56:58", "date_testing": null, "date_stable": "2024-07-21 01:38:57", "alias": "FEDORA-2024-810afc5c2e", "test_gating_status": "passed", "from_tag": null, "date_pushed": "2024-07-21 01:38:57", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-810afc5c2e", "title": "ffmpeg-6.1.1-19.fc40", "version_hash": "429a952b6d1545e9334effbe26d5cab49e7e4ecf", "release": {"name": "F40", "long_name": "Fedora 40", "version": "40", "id_prefix": "FEDORA", "branch": "f40", "dist_tag": "f40", "stable_tag": "f40-updates", "testing_tag": "f40-updates-testing", "candidate_tag": "f40-updates-candidate", "pending_signing_tag": "f40-signing-pending", "pending_testing_tag": "f40-updates-testing-pending", "pending_stable_tag": "f40-updates-pending", "override_tag": "f40-override", "mail_template": "fedora_errata_template", "state": "current", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2025-05-13", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "ngompa", "email": "ngompa13@gmail.com", "id": 534, "avatar": "https://seccdn.libravatar.org/avatar/78eb5545c77d95a891c05cb362dfc4525c92e5398a7645c5bd23e126784d44a9?s=24&d=retro", "openid": "ngompa.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "provenpackager"}, {"name": "kde-sig"}, {"name": "communishift"}, {"name": "kaizen"}, {"name": "respins-sig"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "sig-hyperscale"}, {"name": "epel-packagers-sig"}, {"name": "fedora-contributor"}, {"name": "python-packagers-sig"}, {"name": "signed_fpca"}, {"name": "centosproject-email-aliases"}, {"name": "caddy"}, {"name": "fesco"}, {"name": "sig-extras"}, {"name": "go-sig"}, {"name": "rust-sig"}, {"name": "gitlab-centos-sig-hyperscale"}, {"name": "sig-altimages"}, {"name": "ocp-cico-hyperscale"}, {"name": "asahi-sig"}, {"name": "lxqt-sig"}, {"name": "sig-docs"}, {"name": "discourse-experiments"}, {"name": "multimedia-sig"}, {"name": "discussion-mods-asahi"}, {"name": "asahi-sig-admin"}, {"name": "cloud-sig"}, {"name": "pantheon-sig"}, {"name": "gitlab-centos-sig-altimages"}, {"name": "cosmic-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by ngompa. ", "timestamp": "2024-07-20 14:16:42", "update_id": 628385, "user_id": 91, "id": 3616514, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2024-07-20 14:16:43", "update_id": 628385, "user_id": 91, "id": 3616515, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "ngompa edited this update.", "timestamp": "2024-07-20 14:17:17", "update_id": 628385, "user_id": 91, "id": 3616518, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'passed'.", "timestamp": "2024-07-20 15:53:21", "update_id": 628385, "user_id": 91, "id": 3616612, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Installs!", "timestamp": "2024-07-20 21:49:40", "update_id": 628385, "user_id": 6920, "id": 3616697, "bug_feedback": [{"karma": 1, "comment_id": 3616697, "bug_id": 2274694, "bug": {"bug_id": 2274694, "title": "CVE-2023-49528 ffmpeg: Heap Buffer Overflow vulnerability [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "farchord", "email": "farchord@gmail.com", "id": 6920, "avatar": "https://seccdn.libravatar.org/avatar/03b4b6185009c1792d10f9411d705b6ed1d7da7de84e5ef925f6baa4f1410a04?s=24&d=retro", "openid": "farchord.id.fedoraproject.org", "groups": [{"name": "lxqt-sig"}, {"name": "packager"}, {"name": "kde-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}, {"karma": 1, "karma_critpath": 0, "text": "Successfully installed and was able to transcode a video into a gif", "timestamp": "2024-07-20 23:56:58", "update_id": 628385, "user_id": 7952, "id": 3616725, "bug_feedback": [{"karma": 1, "comment_id": 3616725, "bug_id": 2274694, "bug": {"bug_id": 2274694, "title": "CVE-2023-49528 ffmpeg: Heap Buffer Overflow vulnerability [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "timaeos", "email": "timaeos@proton.me", "id": 7952, "avatar": "https://seccdn.libravatar.org/avatar/d652813b8542e1bea4e7603cb23ce1c353c33112e696b516a42da0057a6c6f3d?s=24&d=retro", "openid": "timaeos.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2024-07-20 23:56:58", "update_id": 628385, "user_id": 91, "id": 3616726, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2024-07-21 01:40:21", "update_id": 628385, "user_id": 91, "id": 3616824, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This does not fix garbled AV1 decode in Firefox with 24.1.4+ for me.", "timestamp": "2024-07-22 11:44:49", "update_id": 628385, "user_id": 388, "id": 3617456, "bug_feedback": [{"karma": 0, "comment_id": 3617456, "bug_id": 2274694, "bug": {"bug_id": 2274694, "title": "CVE-2023-49528 ffmpeg: Heap Buffer Overflow vulnerability [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "decathorpe", "email": "decathorpe@gmail.com", "id": 388, "avatar": "https://seccdn.libravatar.org/avatar/67f4ac6a6b20752d6c2ff1f21b29d10c6fcdd05a35ffccdca789fe670dfc3efb?s=24&d=retro", "openid": "decathorpe.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "fedorabugs"}, {"name": "fedora-contributor"}, {"name": "packaging-committee"}, {"name": "pantheon-sig"}, {"name": "multimedia-sig"}, {"name": "ipausers"}, {"name": "libreoffice-sig"}, {"name": "rust-sig"}, {"name": "diversity-pride"}, {"name": "signed_fpca"}]}}, {"karma": -1, "karma_critpath": 0, "text": "", "timestamp": "2024-07-22 11:45:43", "update_id": 628385, "user_id": 388, "id": 3617458, "bug_feedback": [{"karma": 0, "comment_id": 3617458, "bug_id": 2274694, "bug": {"bug_id": 2274694, "title": "CVE-2023-49528 ffmpeg: Heap Buffer Overflow vulnerability [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "decathorpe", "email": "decathorpe@gmail.com", "id": 388, "avatar": "https://seccdn.libravatar.org/avatar/67f4ac6a6b20752d6c2ff1f21b29d10c6fcdd05a35ffccdca789fe670dfc3efb?s=24&d=retro", "openid": "decathorpe.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "fedorabugs"}, {"name": "fedora-contributor"}, {"name": "packaging-committee"}, {"name": "pantheon-sig"}, {"name": "multimedia-sig"}, {"name": "ipausers"}, {"name": "libreoffice-sig"}, {"name": "rust-sig"}, {"name": "diversity-pride"}, {"name": "signed_fpca"}]}}, {"karma": -1, "karma_critpath": 0, "text": "Update doesn't fix AV1 decode using Firefox and YouTube. \nMesa 24.1.4 -- AMD Ryzen 5 7535U \n", "timestamp": "2024-07-22 13:08:04", "update_id": 628385, "user_id": 8158, "id": 3617556, "bug_feedback": [{"karma": 0, "comment_id": 3617556, "bug_id": 2274694, "bug": {"bug_id": 2274694, "title": "CVE-2023-49528 ffmpeg: Heap Buffer Overflow vulnerability [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "calosis", "email": "matthew.pomario@gmail.com", "id": 8158, "avatar": "https://seccdn.libravatar.org/avatar/f5bf24e79744ce352ed857a9e155c8d80ff5ae1ae6f852c7a0a53324f3462d97?s=24&d=retro", "openid": "calosis.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}, {"karma": 0, "karma_critpath": 0, "text": "I assume Firefox use bundled ffmpeg. It's marked to be fixed for Firefox 130 [1].\n\n[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1902227", "timestamp": "2024-07-24 05:38:58", "update_id": 628385, "user_id": 8335, "id": 3630796, "bug_feedback": [{"karma": 0, "comment_id": 3630796, "bug_id": 2274694, "bug": {"bug_id": 2274694, "title": "CVE-2023-49528 ffmpeg: Heap Buffer Overflow vulnerability [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "dhxxx", "email": "david@ixit.cz", "id": 8335, "avatar": "https://seccdn.libravatar.org/avatar/2ffbd9518f4708820e96cabaed36df499b6c3971b36bb0d849f4a505d54fdcc9?s=24&d=retro", "openid": "dhxxx.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}], "builds": [{"nvr": "ffmpeg-6.1.1-19.fc40", "signed": true, "release_id": 76, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2274694, "title": "CVE-2023-49528 ffmpeg: Heap Buffer Overflow vulnerability [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 1, "comment_id": 3616697, "bug_id": 2274694, "comment": {"karma": 1, "karma_critpath": 0, "text": "Installs!", "timestamp": "2024-07-20 21:49:40", "update_id": 628385, "user_id": 6920, "id": 3616697, "testcase_feedback": [], "user": {"name": "farchord", "email": "farchord@gmail.com", "id": 6920, "avatar": "https://seccdn.libravatar.org/avatar/03b4b6185009c1792d10f9411d705b6ed1d7da7de84e5ef925f6baa4f1410a04?s=24&d=retro", "openid": "farchord.id.fedoraproject.org", "groups": [{"name": "lxqt-sig"}, {"name": "packager"}, {"name": "kde-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 1, "comment_id": 3616725, "bug_id": 2274694, "comment": {"karma": 1, "karma_critpath": 0, "text": "Successfully installed and was able to transcode a video into a gif", "timestamp": "2024-07-20 23:56:58", "update_id": 628385, "user_id": 7952, "id": 3616725, "testcase_feedback": [], "user": {"name": "timaeos", "email": "timaeos@proton.me", "id": 7952, "avatar": "https://seccdn.libravatar.org/avatar/d652813b8542e1bea4e7603cb23ce1c353c33112e696b516a42da0057a6c6f3d?s=24&d=retro", "openid": "timaeos.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 3617556, "bug_id": 2274694, "comment": {"karma": -1, "karma_critpath": 0, "text": "Update doesn't fix AV1 decode using Firefox and YouTube. \nMesa 24.1.4 -- AMD Ryzen 5 7535U \n", "timestamp": "2024-07-22 13:08:04", "update_id": 628385, "user_id": 8158, "id": 3617556, "testcase_feedback": [], "user": {"name": "calosis", "email": "matthew.pomario@gmail.com", "id": 8158, "avatar": "https://seccdn.libravatar.org/avatar/f5bf24e79744ce352ed857a9e155c8d80ff5ae1ae6f852c7a0a53324f3462d97?s=24&d=retro", "openid": "calosis.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 3617456, "bug_id": 2274694, "comment": {"karma": 0, "karma_critpath": 0, "text": "This does not fix garbled AV1 decode in Firefox with 24.1.4+ for me.", "timestamp": "2024-07-22 11:44:49", "update_id": 628385, "user_id": 388, "id": 3617456, "testcase_feedback": [], "user": {"name": "decathorpe", "email": "decathorpe@gmail.com", "id": 388, "avatar": "https://seccdn.libravatar.org/avatar/67f4ac6a6b20752d6c2ff1f21b29d10c6fcdd05a35ffccdca789fe670dfc3efb?s=24&d=retro", "openid": "decathorpe.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "fedorabugs"}, {"name": "fedora-contributor"}, {"name": "packaging-committee"}, {"name": "pantheon-sig"}, {"name": "multimedia-sig"}, {"name": "ipausers"}, {"name": "libreoffice-sig"}, {"name": "rust-sig"}, {"name": "diversity-pride"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 3630796, "bug_id": 2274694, "comment": {"karma": 0, "karma_critpath": 0, "text": "I assume Firefox use bundled ffmpeg. It's marked to be fixed for Firefox 130 [1].\n\n[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1902227", "timestamp": "2024-07-24 05:38:58", "update_id": 628385, "user_id": 8335, "id": 3630796, "testcase_feedback": [], "user": {"name": "dhxxx", "email": "david@ixit.cz", "id": 8335, "avatar": "https://seccdn.libravatar.org/avatar/2ffbd9518f4708820e96cabaed36df499b6c3971b36bb0d849f4a505d54fdcc9?s=24&d=retro", "openid": "dhxxx.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 3617458, "bug_id": 2274694, "comment": {"karma": -1, "karma_critpath": 0, "text": "", "timestamp": "2024-07-22 11:45:43", "update_id": 628385, "user_id": 388, "id": 3617458, "testcase_feedback": [], "user": {"name": "decathorpe", "email": "decathorpe@gmail.com", "id": 388, "avatar": "https://seccdn.libravatar.org/avatar/67f4ac6a6b20752d6c2ff1f21b29d10c6fcdd05a35ffccdca789fe670dfc3efb?s=24&d=retro", "openid": "decathorpe.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "fedorabugs"}, {"name": "fedora-contributor"}, {"name": "packaging-committee"}, {"name": "pantheon-sig"}, {"name": "multimedia-sig"}, {"name": "ipausers"}, {"name": "libreoffice-sig"}, {"name": "rust-sig"}, {"name": "diversity-pride"}, {"name": "signed_fpca"}]}}}]}], "updateid": "FEDORA-2024-810afc5c2e", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}