Ubuntu
ffmpeg-extra package

lp:ubuntu/lucid-security/ffmpeg-extra

  1. Lucid (10.04)
  2. lucid-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/ffmpeg-extra
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

17. By Marc Deslauriers

* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803

16. By Marc Deslauriers

* SECURITY UPDATE: security issues in decode_pic
  - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
    libavcodec/cavsdec.c.
  - CVE-2012-2777
  - CVE-2012-2784
* SECURITY UPDATE: out of array read in avi_read_packet function
  - debian/patches/CVE-2012-2788.patch: use accurate size in
    libavformat/avidec.c.
  - CVE-2012-2788
* SECURITY UPDATE: out of array writes in avs.c
  - debian/patches/CVE-2012-2801.patch: force dimensions in
    libavcodec/avs.c.
  - CVE-2012-2801

15. By Marc Deslauriers

* SECURITY UPDATE: Updated to libav 0.5.9 to fix multiple security
  issues. (LP: #1012132)
  - CVE-2011-3929
  - CVE-2011-3936
  - CVE-2011-3940
  - CVE-2011-3947
  - CVE-2011-3951
  - CVE-2011-3952
  - CVE-2012-0851
  - CVE-2012-0852
  - CVE-2012-0853
  - CVE-2012-0858
  - CVE-2012-0859
  - CVE-2012-0947
* Removed upstreamed patches:
  - CVE-2010-3429.patch
  - CVE-2010-3908.patch
  - CVE-2010-4704.patch
  - CVE-2011-0480.patch
  - CVE-2011-0722.patch
  - CVE-2011-0723.patch
  - CVE-2011-2161.patch
  - CVE-2011-3362.patch
  - CVE-2011-3504.patch
  - CVE-2011-4351.patch
  - CVE-2011-4353.patch
  - CVE-2011-4364.patch
  - CVE-2011-4579.patch

14. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  malformed Matroska file
  - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
    in libavformat/matroskadec.c.
  - CVE-2011-3504
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing QDM2 stream
  - debian/patches/CVE-2011-4351.patch: check boundaries in
    libavcodec/qdm2.c.
  - CVE-2011-4351
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing VP5 or VP6 streams
  - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
    and libavcodec/vp6.c.
  - CVE-2011-4353
* SECURITY UPDATE: denial of service and possible code execution via
  malformed VMD file
  - debian/patches/CVE-2011-4364.patch: properly check lengths in
    libavcodec/vmdav.c.
  - CVE-2011-4364
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing svq1 stream
  - debian/patches/CVE-2011-4579.patch: set dimensions after they have
    changed in libavcodec/svq1dec.c.
  - CVE-2011-4579

13. By Marc Deslauriers

* SECURITY UPDATE: denial of service via malformed APE file
  - debian/patches/CVE-2011-2161.patch: make sure there are frames in
    libavformat/ape.c.
  - CVE-2011-2161
* SECURITY UPDATE: arbitrary code execution via malformed CAVS file
  - debian/patches/CVE-2011-3362.patch: validate values in
    libavcodec/cavsdec.c.
  - CVE-2011-3362

12. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723

11. By Reinhard Tartler

* merge from 'main' package. Changes
  - build against faad, dirac, libopenjpeg, x264, mp3lame and xvidcore

10. By Reinhard Tartler

* tighten build dependency on new x264 package
* add libx264 wrapper backport for ffmpeg 0.5
* install presets in 'libavcodec package' instead of 'ffmpeg' binary,
  see git history for rationale of this change

9. By Reinhard Tartler

rebuild for ffmpeg versioned symbols

8. By Iain Lane

No-change rebuild against new dirac package synced from Debian

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/ffmpeg-extra
This branch contains Public information 
Everyone can see this information.

Subscribers