Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ffmpeg-4 for openSUSE:Factory checked in at 2026-05-27 16:14:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old)
 and /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg-4" Wed May 27 16:14:26 2026 rev:94 rq:1355250 version:4.4.7 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes 2026-05-23 23:28:15.842883953 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1937/ffmpeg-4.changes 2026-05-27 16:14:48.283610761 +0200 @@ -1,0 +2,8 @@ +Sat May 23 17:15:08 UTC 2026 - Cliff Zhao <[email protected]> + +- Add ffmpeg-4-CVE-2025-10256.patch: + Backport a2546248 from upstream, Add check for the return value + of av_malloc_array() to avoid potential NULL pointer dereference. + (CVE-2025-10256, bsc#1249431) + +------------------------------------------------------------------- @@ -5,0 +14,4 @@ + * aacenc_tns: clamp filter direction energy measurement. + (CVE-2025-1594, bsc#1237561) + * avcodec/jpeg2000dec: implement cdef remapping during pixel format matching. + (CVE-2025-9951, bsc#1249393) @@ -162,0 +175 @@ + avformat/sbgdec: Check for negative duration (CVE-2024-35366, bsc#1234030). New: ---- ffmpeg-4-CVE-2025-10256.patch ----------(New B)---------- New: - Add ffmpeg-4-CVE-2025-10256.patch: Backport a2546248 from upstream, Add check for the return value ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-4.spec ++++++ --- /var/tmp/diff_new_pack.qiITum/_old 2026-05-27 16:14:52.403780086 +0200 +++ /var/tmp/diff_new_pack.qiITum/_new 2026-05-27 16:14:52.403780086 +0200 @@ -149,6 +149,7 @@ Patch39: ffmpeg-4-CVE-2023-6601.patch Patch40: ffmpeg-4-CVE-2025-63757.patch Patch41: ffmpeg-4-CVE-2026-40962.patch +Patch42: ffmpeg-4-CVE-2025-10256.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.qiITum/_old 2026-05-27 16:14:52.447781893 +0200 +++ /var/tmp/diff_new_pack.qiITum/_new 2026-05-27 16:14:52.451782057 +0200 
@@ -1,5 +1,5 @@ -mtime: 1779502447 -commit: 83a92374d2ff42150adb8899203de14ed53eeaeccf288a382c502addfb2622ee +mtime: 1779821373 +commit: 5960bb3a1374b57fe4a00b72f2d783e7442d13956d97d946b5d575769238cea2 url: https://src.opensuse.org/jengelh/ffmpeg-4 revision: master ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-26 20:49:33.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ ffmpeg-4-CVE-2025-10256.patch ++++++ Author: Jiasheng Jiang <[email protected]> Date: Wed Aug 6 16:39:47 2025 +0000 libavfilter/af_firequalizer: Add check for av_malloc_array() Add check for the return value of av_malloc_array() to avoid potential NULL pointer dereference. Fixes: d3be186ed1 ("avfilter/firequalizer: add dumpfile and dumpscale option") Signed-off-by: Jiasheng Jiang <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> diff a/libavfilter/af_firequalizer.c b/libavfilter/af_firequalizer.c --- a/libavfilter/af_firequalizer.c +++ b/libavfilter/af_firequalizer.c @@ -822,6 +822,8 @@ static int config_input(AVFilterLink *in if (s->dumpfile) { s->analysis_rdft = av_rdft_init(rdft_bits, DFT_R2C); s->dump_buf = av_malloc_array(s->analysis_rdft_len, sizeof(*s->dump_buf)); + if (!s->dump_buf) + return AVERROR(ENOMEM); } s->analysis_buf = av_malloc_array(s->analysis_rdft_len, sizeof(*s->analysis_buf));
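Review bot: in the ffmpeg-4.changes hunks, the new entry dated Sat May 23 describes only ffmpeg-4-CVE-2025-10256.patch, while the hunks at @@ -5,0 +14,4 @@ and @@ -162,0 +175 @@ add CVE and bsc references (CVE-2025-1594, CVE-2025-9951, CVE-2024-35366) to older entries without any mention. Consider adding a line to the new entry saying that existing entries were annotated with these references, so the change is visible to anyone reading only the newest entry. The upstream id a2546248 cited in the entry also does not appear in the header of the patch file itself, which lists only "Fixes: d3be186ed1"; recording the backported commit id there would keep the patch self-describing.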
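Review bot: in the config_input() hunk of libavfilter/af_firequalizer.c, the added "if (!s->dump_buf) return AVERROR(ENOMEM);" covers only the second assignment inside the "if (s->dumpfile)" block; the result of "s->analysis_rdft = av_rdft_init(rdft_bits, DFT_R2C);" on the line above has no check in the visible lines, and neither does s->analysis_buf in the trailing context. If these are not validated further down in config_input(), extend the condition to "if (!s->analysis_rdft || !s->dump_buf)". The early return also happens after s->analysis_rdft has been set, so please confirm that the filter's cleanup path releases it when config_input() fails.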
