lp:ubuntu/karmic-security/ffmpeg

Created by James Westby on 2010-04-19 and last modified on 2011-04-04
Get this branch:
bzr branch lp:ubuntu/karmic-security/ffmpeg

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

40. By Marc Deslauriers on 2011-03-31

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723

39. By Marc Deslauriers on 2010-04-23

debian/patches/CVE-2009-46XX/security-issue22.patch: removed this
patch as it was causing a regression. (LP: #567913)

38. By Marc Deslauriers on 2010-04-08

* SECURITY UPDATE: Fix a multitude of security issues
  - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
    existence before assignment
  - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
    indexes
  - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
    value
  - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
    per-packet mode indexes and per-header mode mapping indexes
  - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
    index and subclass book index.
  - debian/patches/CVE-2009-46XX/security-issue08.patch: check
    res_setup->books
  - debian/patches/CVE-2009-46XX/security-issue09.patch: check
    begin/end/partition_size
  - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
    of channels & samplerate
  - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
    check
  - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
    for magnitude and angle
  - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
  - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
    against 0 too
  - debian/patches/CVE-2009-46XX/security-issue15.patch: fix
    init_get_bits() buffer size
  - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
    all memory allocations succeed
  - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
    buffer over-read in vorbis_comment
  - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
    0 to avoid having it uninitialized
  - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
    for ogg streams where no ogg header was found
  - debian/patches/CVE-2009-46XX/security-issue22.patch: check codec_id
    and codec_type, make sure priv_data is freed and codec is set to NULL
  - CVE-2009-4632
  - CVE-2009-4633
  - CVE-2009-4634
  - CVE-2009-4635
  - CVE-2009-4637
  - CVE-2009-4639
  - CVE-2009-4640

37. By Loïc Minier on 2009-10-13

[ Reinhard Tartler ]
* Make arguments of av_set_pts_info() unsigned.
* update debian/changelog
* use patch for issue1245 from git.ffmpeg.org
* Support constant-quant encoding for libtheora, LP: #356322
* increase swscale compile time width (VOF/VOFW), LP: #443264

[ Loïc Minier ]
* Update config for karmic's armel toolchain.
* Enable neon flavour; LP: #383240.
* Update NEON confflags to assume v7 and VFP.
* Add backported NEON patches from ffmpeg trunk; see debian/patches/neon/.
* Pass proper --cpu and --extra-flags on armel.
* Pass -fPIC -DPIC to neon pass.

36. By Reinhard Tartler on 2009-08-26

* merge from debian. Remaining changes:
  - disabled output decoders: faad, openjpeg, dirac (all not in main)
  - build arm vfp variant
  - don't build depend on yasm.
* fix dependencies on -extra packages: LP: #418705, #416348
* no need to remove mpeg encoders in the ubuntu package, unless we hear
  otherwise from some patent owner. This brings back the mpeg2video
  encoder. cf. formats.txt.gz LP: #416585

35. By Reinhard Tartler on 2009-08-25

update the dependencies of the -dev packages for the
unstripped -> extra renaming

34. By Reinhard Tartler on 2009-08-25

really drop libopenjpeg from build depends.

33. By Reinhard Tartler on 2009-08-15

* merge from debian. Remaining changes:
  - don't build-depend on libfaad-dev, disabling faad decoder.
  - build arm vfp variant
  - don't build libopenjpeg support (not in main)
* change shlibs file to make applications depend on the -extra- packages.
* don't build depend on yasm.

32. By Reinhard Tartler on 2009-07-25

* don't build against faac in any case, it is deemed non-free
* update debian/changelog
* enable libopenjpeg support for the multiverse package

31. By Reinhard Tartler on 2009-07-24

* brown paperbag upload
* add missing comma in build depends

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/ffmpeg