Ubuntu
ffmpeg-debian package

lp:ubuntu/intrepid-security/ffmpeg-debian

  1. Intrepid (8.10)
  2. intrepid-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-security/ffmpeg-debian
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

8. By Marc Deslauriers

* SECURITY UPDATE: Fix a multitude of security issues
  - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
    existence before assignment
  - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
    indexes
  - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
    value
  - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
    per-packet mode indexes and per-header mode mapping indexes
  - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
    index and subclass book index.
  - debian/patches/CVE-2009-46XX/security-issue08.patch: check
    res_setup->books
  - debian/patches/CVE-2009-46XX/security-issue09.patch: check
    begin/end/partition_size
  - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
    of channels & samplerate
  - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
    check
  - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
    for magnitude and angle
  - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
  - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
    against 0 too
  - debian/patches/CVE-2009-46XX/security-issue15.patch: fix
    init_get_bits() buffer size
  - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
    all memory allocations succeed
  - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
    buffer over-read in vorbis_comment
  - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
    0 to avoid having it uninitialized
  - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
    for ogg streams where no ogg header was found
  - debian/patches/CVE-2009-46XX/security-issue22.patch: check codec_id
    and codec_type, make sure priv_data is freed and codec is set to NULL
  - CVE-2009-4632
  - CVE-2009-4633
  - CVE-2009-4634
  - CVE-2009-4635
  - CVE-2009-4637
  - CVE-2009-4639
  - CVE-2009-4640

7. By Marc Deslauriers

* SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
  - debian/patches/100_security_CVE-2008-4610.diff: properly check return
    codes in libavcodec/vp3.c.
  - CVE-2008-4610
* SECURITY UPDATE: multiple buffer overflows in DTS generation code
  - debian/patches/101_security_CVE-2008-4866.diff: make sure delay is smaller
    than the maximum allowed in libavformat/utils.c and increase maximum
    allowed in libavformat/avformat.h.
  - CVE-2008-4866
* SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
  value
  - debian/patches/102_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
    a correct value in libavcodec/dca.c.
  - CVE-2008-4867
* SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
  (LP: #323620)
  - debian/patches/103_security_CVE-2009-0385.diff: validate current_track
    value in libavformat/4xm.c.
  - CVE-2009-0385

6. By Reinhard Tartler

snatch patch from debian: enable ffserver in cmov, altivec and vis
variants. (Closes: #501002)

5. By Reinhard Tartler

* Replace Vcs-Svn headers with Vcs-Bzr header
* enable libfaad support via dlopen(). LP: #6366
* enable liba52 support via dlopen(). LP: #197133
* add libfaad0 and liba52-0.7.4, to Suggests of libavcodec51
* Adjust sonames used by dlopen() on liba52 and libfaad in liba52.c and
  libfaad.c

  This change has been staged in the motumedia PPA and verified by
  myself. While doing this the new patch
  51_dlopen_correct_libfaad_and_liba52_so.diff has been created.

4. By Reinhard Tartler

* Resyncronize with debian. Remaining changes:
  - add epoch needed for ubuntu.
  - debian/control: drop build dependencies on libfaad,
    both not in ubuntu/main.
  - debian/control: adjust dependency for coping with annoying epoch.
  - keep myself in the maintainer field.
  - add epochs for conflicts/replaces entries in debian/control as well.

3. By Reinhard Tartler

* Resyncronize with debian. Remaining changes:
  - add epoch needed for ubuntu.
  - debian/control: drop build dependencies on libfaad,
    both not in ubuntu/main.
  - debian/control: adjust dependency for coping with annoying epoch.
  - keep myself in the maintainer field.
  - add epochs for conflicts/replaces entries in debian/control as well.

2. By Reinhard Tartler

* Resyncronize with debian. Remaining changes:
  - add epoch needed for ubuntu.
  - debian/control: drop build dependencies on libfaad,
    both not in ubuntu/main.
  - debian/control: adjust dependency for coping with annoying epoch.
  - Set myself in the maintainer field.
* add epochs for conflicts/replaces entries in debian/control as well.

1. By Reinhard Tartler

Import upstream version 0.svn20080206

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/ffmpeg-debian
This branch contains Public information 
Everyone can see this information.

Subscribers