lp:~medibuntu-maintainers/ffmpeg/medibuntu.lucid

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #356322: using -qscale in ffmpeg doesn't have any effect on coding	Undecided	Fix Released
Bug #386397: ffmpeg gets "Illegal instruction" on Pentium II	Medium	Fix Released
Bug #443264: swscale compile time width (VOF/VOFW) should be higher	Low	Fix Released
Bug #488267: ffmpeg should be built with -marm for lucid on armel	Low	Fix Released
Bug #490227: Wishlist: create ffmpeg with aac/libfaac support for Karmic	Undecided	Won't Fix
Bug #501729: ffmpeg: unrecognized option '-album'	Undecided	Fix Released
Bug #502209: Wishlist: create libavcodec-extra-52 and friends for Lucid	Wishlist	Fix Released
Bug #690169: Memory corruption in wmv parsing	Undecided	Invalid
Bug #1012132: June libav/ffmpeg security update tracking bug	Medium	Fix Released
Bug #1104019: January 2013 libav security tracking bug	Undecided	Fix Released

Link a bug report

Related blueprints

22. By Gauvain Pocentek on 2013-02-02

* Merge from lucid-security.
* debian/control:
  - update maintainer
  - update uploaders
  - use our addresses in Vcs-* fields
  - build-depends on libfaac-dev, libopencore-amrnb-dev and
    libopencore-amrwb-dev to add aac encoding and amr support
  - recommends apport-hooks-medibuntu for lib*-extra-* to catch all bug
    reports.
* debian/confflags: add detection for opencore-amr.
* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803

21. By Gauvain Pocentek on 2012-12-22

* Merge from lucid-security.
* debian/control:
  - update maintainer
  - update uploaders
  - use our addresses in Vcs-* fields
  - build-depends on libfaac-dev, libopencore-amrnb-dev and
    libopencore-amrwb-dev to add aac encoding and amr support
  - recommends apport-hooks-medibuntu for lib*-extra-* to catch all bug
    reports.
* debian/confflags: add detection for opencore-amr.
* SECURITY UPDATE: security issues in decode_pic
  - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
    libavcodec/cavsdec.c.
  - CVE-2012-2777
  - CVE-2012-2784
* SECURITY UPDATE: out of array read in avi_read_packet function
  - debian/patches/CVE-2012-2788.patch: use accurate size in
    libavformat/avidec.c.
  - CVE-2012-2788
* SECURITY UPDATE: out of array writes in avs.c
  - debian/patches/CVE-2012-2801.patch: force dimensions in
    libavcodec/avs.c.
  - CVE-2012-2801

20. By Gauvain Pocentek on 2012-06-29

* Merge from lucid-security.
* debian/control:
  - update maintainer
  - update uploaders
  - use our addresses in Vcs-* fields
  - build-depends on libfaac-dev, libopencore-amrnb-dev and
    libopencore-amrwb-dev to add aac encoding and amr support
  - recommends apport-hooks-medibuntu for lib*-extra-* to catch all bug
    reports.
* debian/confflags: add detection for opencore-amr.
* SECURITY UPDATE: Updated to libav 0.5.9 to fix multiple security
  issues. (LP: #1012132)
  - CVE-2011-3929
  - CVE-2011-3936
  - CVE-2011-3940
  - CVE-2011-3947
  - CVE-2011-3951
  - CVE-2011-3952
  - CVE-2012-0851
  - CVE-2012-0852
  - CVE-2012-0853
  - CVE-2012-0858
  - CVE-2012-0859
  - CVE-2012-0947
* Removed upstreamed patches:
  - CVE-2010-3429.patch
  - CVE-2010-3908.patch
  - CVE-2010-4704.patch
  - CVE-2011-0480.patch
  - CVE-2011-0722.patch
  - CVE-2011-0723.patch
  - CVE-2011-2161.patch
  - CVE-2011-3362.patch
  - CVE-2011-3504.patch
  - CVE-2011-4351.patch
  - CVE-2011-4353.patch
  - CVE-2011-4364.patch
  - CVE-2011-4579.patch

19. By Gauvain Pocentek on 2012-01-07

* Merge from lucid-security.
* debian/control:
  - update maintainer
  - update uploaders
  - use our addresses in Vcs-* fields
  - build-depends on libfaac-dev, libopencore-amrnb-dev and
    libopencore-amrwb-dev to add aac encoding and amr support lp: #490227
  - recommends apport-hooks-medibuntu for lib*-extra-* to catch all bug
    reports.
* debian/confflags: add detection for opencore-amr.
* SECURITY UPDATE: denial of service and possible code execution via
  malformed Matroska file
  - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
    in libavformat/matroskadec.c.
  - CVE-2011-3504
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing QDM2 stream
  - debian/patches/CVE-2011-4351.patch: check boundaries in
    libavcodec/qdm2.c.
  - CVE-2011-4351
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing VP5 or VP6 streams
  - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
    and libavcodec/vp6.c.
  - CVE-2011-4353
* SECURITY UPDATE: denial of service and possible code execution via
  malformed VMD file
  - debian/patches/CVE-2011-4364.patch: properly check lengths in
    libavcodec/vmdav.c.
  - CVE-2011-4364
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing svq1 stream
  - debian/patches/CVE-2011-4579.patch: set dimensions after they have
    changed in libavcodec/svq1dec.c.
  - CVE-2011-4579

18. By Gauvain Pocentek on 2011-09-23

* Merge from lucid-security.
* debian/control:
  - update maintainer
  - update uploaders
  - use our addresses in Vcs-* fields
  - build-depends on libfaac-dev, libopencore-amrnb-dev and
    libopencore-amrwb-dev to add aac encoding and amr support lp: #490227
  - recommends apport-hooks-medibuntu for lib*-extra-* to catch all bug
    reports.
* debian/confflags: add detection for opencore-amr.
* SECURITY UPDATE: denial of service via malformed APE file
  - debian/patches/CVE-2011-2161.patch: make sure there are frames in
    libavformat/ape.c.
  - CVE-2011-2161
* SECURITY UPDATE: arbitrary code execution via malformed CAVS file
  - debian/patches/CVE-2011-3362.patch: validate values in
    libavcodec/cavsdec.c.
  - CVE-2011-3362

17. By Gauvain Pocentek <gauvain@images> on 2011-04-08

put my name in the changelog...

16. By Gauvain Pocentek <gauvain@images> on 2011-04-08

debian/control:
  - update uploaders (remove Guillaume and add myself)

15. By Gauvain Pocentek <gauvain@images> on 2011-04-08

* Merge from lucid-security.
* debian/control:
  - update maintainer and uploaders
  - use our addresses in Vcs-* fields
  - build-depends on libfaac-dev, libopencore-amrnb-dev and
    libopencore-amrwb-dev to add aac encoding and amr support lp: #490227
  - recommends apport-hooks-medibuntu for lib*-extra-* to catch all bug
    reports.
* debian/confflags: add detection for opencore-amr.
* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723

14. By Lionel Le Folgoc on 2010-03-21

releasing version 4:0.5.1-1ubuntu1+medibuntu1

13. By Lionel Le Folgoc on 2010-03-21

* Merge from lucid.
* debian/control:
  - update maintainer and uploaders
  - use our addresses in Vcs-* fields
  - build-depends on libfaac-dev, libopencore-amrnb-dev and
    libopencore-amrwb-dev to add aac encoding and amr support lp: #490227
  - recommends apport-hooks-medibuntu for lib*-extra-* to catch all bug
    reports.
* debian/confflags: add detection for opencore-amr.
* merge from 'main' package. Changes
  - build against faad, dirac, libopenjpeg, x264, mp3lame and xvidcore
* merge from debian. remaining changes:
  - don't disable encoders
  - don't build against libfaad, libdirac and libopenjpeg (all in universe)
* new upstream release:
  - clarifies documentation on metadata, Closes: #570050, LP: #501729
  - further security backports, Closes: #570713
* adapt to new versioning scheme
* use '<<' instead of '<' relationship for internal shlib file
* merge changes from ubuntu packaging
* drop wmapro backport again as discussed with upstream. The unrelated
  changes seem too risky for a stable release.
* debian/patches/901-fix-misc-typos.patch: New patch taken from
  upstream GIT (slightly modified) to fix some spelling errors.
* Document our calling of debhelper programs in an odd order in
  debian/rules.
* document some unattributed patches
* enable cpu autodetection in libswscale, Closes: #567725, LP: #386397
* backport wmapro codec from ffmpeg trunk
* tighten build dependency on new x264 package
* add libx264 wrapper backport for ffmpeg 0.5
* install presets in 'libavcodec package' instead of 'ffmpeg' binary,
  see git history for rationale of this change
* Upload to unstable
* Urgency medium because of fixed RC bugs (security issues)