lp:ubuntu/hardy-security/ffmpeg

Created by James Westby on 2009-07-25 and last modified on 2011-04-04
Get this branch:
bzr branch lp:ubuntu/hardy-security/ffmpeg

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

23. By Marc Deslauriers on 2011-03-31

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis.c.
  - CVE-2011-0480
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723

22. By Marc Deslauriers on 2010-04-23

debian/patches/CVE-2009-46XX/security-issue22.patch: removed this
patch as it was causing a regression. (LP: #567913)

21. By Marc Deslauriers on 2010-04-08

* SECURITY UPDATE: Fix a multitude of security issues
  - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
    existence before assignment
  - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
    indexes
  - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
    value
  - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
    per-packet mode indexes and per-header mode mapping indexes
  - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
    index and subclass book index.
  - debian/patches/CVE-2009-46XX/security-issue08.patch: check
    res_setup->books
  - debian/patches/CVE-2009-46XX/security-issue09.patch: check
    begin/end/partition_size
  - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
    of channels & samplerate
  - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
    check
  - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
    for magnitude and angle
  - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
  - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
    against 0 too
  - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
    all memory allocations succeed
  - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
    0 to avoid having it uninitialized
  - debian/patches/CVE-2009-46XX/security-issue22.patch: check codec_id
    and codec_type, make sure priv_data is freed and codec is set to NULL
  - CVE-2009-4633
  - CVE-2009-4634
  - CVE-2009-4635
  - CVE-2009-4637
  - CVE-2009-4639
  - CVE-2009-4640

20. By Marc Deslauriers on 2009-03-16

* SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
  - debian/patches/100_security_CVE-2008-4610.diff: properly check return
    codes in libavcodec/vp3.c.
  - CVE-2008-4610
* SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
  value
  - debian/patches/101_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
    a correct value in libavcodec/dca.c.
  - CVE-2008-4867
* SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
  (LP: #323620)
  - debian/patches/102_security_CVE-2009-0385.diff: validate current_track
    value in libavformat/4xm.c.
  - CVE-2009-0385

19. By Marc Deslauriers on 2009-03-13

* SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
  - debian/patches/100_security_CVE-2008-4610.diff: properly check return
    codes in libavcodec/vp3.c.
  - CVE-2008-4610
* SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
  value
  - debian/patches/101_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
    a correct value in libavcodec/dca.c.
  - CVE-2008-4867
* SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
  (LP: #323620)
  - debian/patches/102_security_CVE-2009-0385.diff: validate current_track
    value in libavformat/4xm.c.
  - CVE-2009-0385

18. By Kees Cook on 2008-07-23

* SECURITY UPDATE: crash from crafted STR file.
* Add debian/patches/400_str_file_crash.diff: backported upstream fixes.
* References
  CVE-2008-3162

17. By Stephan Ruegamer on 2008-03-11

* added qt-faststart (LP: #200996)
  reorders the components of an H.264 MPEG4 video file to enable progressive
  download playback of certain H.264 videos in the Flash Player browser plugin.
* debian/rules:
  - build: $(MAKE) qt-faststart
  - install: cp this to debian/tmp/usr/bin/
* debian/ffmpeg.install:
  - added usr/bin/qt-faststart

16. By Mario Đanić on 2007-08-06

* Implemented 061_fix_resample_warnings.diff
    Fixes LP: #122266
* debian/control:
  - set MOTU as maintainer
  - set XSBC-Original-Maintainer: Debian multimedia packages maintainers

15. By Anthony Mercatante <tonio@kubuntu> on 2007-12-02

Rebuilt against new libx264

14. By Reinhard Tartler on 2007-06-03

make ffmpeg-config not add -ldts and -la52 to LDFLAGS. fixes FTBFS in
unrelated packages.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/ffmpeg