lp:ubuntu/intrepid-security/ffmpeg-debian
- Get this branch:
- bzr branch lp:ubuntu/intrepid-security/ffmpeg-debian
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 8. By Marc Deslauriers
-
* SECURITY UPDATE: Fix a multitude of security issues
  - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
    existence before assignment
  - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
    indexes
  - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
    value
  - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
    per-packet mode indexes and per-header mode mapping indexes
  - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
    index and subclass book index.
  - debian/patches/CVE-2009-46XX/security-issue08.patch: check
    res_setup->books
  - debian/patches/CVE-2009-46XX/security-issue09.patch: check
    begin/end/partition_size
  - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
    of channels & samplerate
  - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
    check
  - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
    for magnitude and angle
  - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
  - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
    against 0 too
  - debian/patches/CVE-2009-46XX/security-issue15.patch: fix
    init_get_bits() buffer size
  - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
    all memory allocations succeed
  - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
    buffer over-read in vorbis_comment
  - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
    0 to avoid having it uninitialized
  - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
    for ogg streams where no ogg header was found
  - debian/patches/CVE-2009-46XX/security-issue22.patch: check codec_id
    and codec_type, make sure priv_data is freed and codec is set to NULL
  - CVE-2009-4632
  - CVE-2009-4633
  - CVE-2009-4634
  - CVE-2009-4635
  - CVE-2009-4637
  - CVE-2009-4639
  - CVE-2009-4640
- 7. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
  - debian/patches/100_security_CVE-2008-4610.diff: properly check return
    codes in libavcodec/vp3.c.
  - CVE-2008-4610
* SECURITY UPDATE: multiple buffer overflows in DTS generation code
  - debian/patches/101_security_CVE-2008-4866.diff: make sure delay is smaller
    than the maximum allowed in libavformat/utils.c and increase maximum
    allowed in libavformat/avformat.h.
  - CVE-2008-4866
* SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
  value
  - debian/patches/102_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
    a correct value in libavcodec/dca.c.
  - CVE-2008-4867
* SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
  (LP: #323620)
  - debian/patches/103_security_CVE-2009-0385.diff: validate current_track
    value in libavformat/4xm.c.
  - CVE-2009-0385
- 6. By Reinhard Tartler
-
snatch patch from debian: enable ffserver in cmov, altivec and vis
variants. (Closes: #501002)
- 5. By Reinhard Tartler
-
* Replace Vcs-Svn headers with Vcs-Bzr header
* enable libfaad support via dlopen(). LP: #6366
* enable liba52 support via dlopen(). LP: #197133
* add libfaad0 and liba52-0.7.4, to Suggests of libavcodec51
* Adjust sonames used by dlopen() on liba52 and libfaad in liba52.c and
  libfaad.c

This change has been staged in the motumedia PPA and verified by
myself. While doing this the new patch
51_dlopen_correct_libfaad_and_liba52_so.diff has been created.
- 4. By Reinhard Tartler
-
* Resynchronize with debian. Remaining changes:
  - add epoch needed for ubuntu.
  - debian/control: drop build dependencies on libfaad,
    both not in ubuntu/main.
  - debian/control: adjust dependency for coping with annoying epoch.
  - keep myself in the maintainer field.
  - add epochs for conflicts/replaces entries in debian/control as well.
- 3. By Reinhard Tartler
-
* Resynchronize with debian. Remaining changes:
  - add epoch needed for ubuntu.
  - debian/control: drop build dependencies on libfaad,
    both not in ubuntu/main.
  - debian/control: adjust dependency for coping with annoying epoch.
  - keep myself in the maintainer field.
  - add epochs for conflicts/replaces entries in debian/control as well.
- 2. By Reinhard Tartler
-
* Resynchronize with debian. Remaining changes:
  - add epoch needed for ubuntu.
  - debian/control: drop build dependencies on libfaad,
    both not in ubuntu/main.
  - debian/control: adjust dependency for coping with annoying epoch.
  - Set myself in the maintainer field.
* add epochs for conflicts/replaces entries in debian/control as well.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/ffmpeg-debian