lp:ubuntu/lucid-security/ffmpeg-extra

Created by James Westby on 2011-04-06 and last modified on 2013-01-28
Get this branch:
bzr branch lp:ubuntu/lucid-security/ffmpeg-extra
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

17. By Marc Deslauriers on 2013-01-24

* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803

16. By Marc Deslauriers on 2012-12-19

* SECURITY UPDATE: security issues in decode_pic
  - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
    libavcodec/cavsdec.c.
  - CVE-2012-2777
  - CVE-2012-2784
* SECURITY UPDATE: out of array read in avi_read_packet function
  - debian/patches/CVE-2012-2788.patch: use accurate size in
    libavformat/avidec.c.
  - CVE-2012-2788
* SECURITY UPDATE: out of array writes in avs.c
  - debian/patches/CVE-2012-2801.patch: force dimensions in
    libavcodec/avs.c.
  - CVE-2012-2801

15. By Marc Deslauriers on 2012-06-12

* SECURITY UPDATE: Updated to libav 0.5.9 to fix multiple security
  issues. (LP: #1012132)
  - CVE-2011-3929
  - CVE-2011-3936
  - CVE-2011-3940
  - CVE-2011-3947
  - CVE-2011-3951
  - CVE-2011-3952
  - CVE-2012-0851
  - CVE-2012-0852
  - CVE-2012-0853
  - CVE-2012-0858
  - CVE-2012-0859
  - CVE-2012-0947
* Removed upstreamed patches:
  - CVE-2010-3429.patch
  - CVE-2010-3908.patch
  - CVE-2010-4704.patch
  - CVE-2011-0480.patch
  - CVE-2011-0722.patch
  - CVE-2011-0723.patch
  - CVE-2011-2161.patch
  - CVE-2011-3362.patch
  - CVE-2011-3504.patch
  - CVE-2011-4351.patch
  - CVE-2011-4353.patch
  - CVE-2011-4364.patch
  - CVE-2011-4579.patch

14. By Marc Deslauriers on 2011-12-21

* SECURITY UPDATE: denial of service and possible code execution via
  malformed Matroska file
  - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
    in libavformat/matroskadec.c.
  - CVE-2011-3504
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing QDM2 stream
  - debian/patches/CVE-2011-4351.patch: check boundaries in
    libavcodec/qdm2.c.
  - CVE-2011-4351
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing VP5 or VP6 streams
  - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
    and libavcodec/vp6.c.
  - CVE-2011-4353
* SECURITY UPDATE: denial of service and possible code execution via
  malformed VMD file
  - debian/patches/CVE-2011-4364.patch: properly check lengths in
    libavcodec/vmdav.c.
  - CVE-2011-4364
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing svq1 stream
  - debian/patches/CVE-2011-4579.patch: set dimensions after they have
    changed in libavcodec/svq1dec.c.
  - CVE-2011-4579

13. By Marc Deslauriers on 2011-09-19

* SECURITY UPDATE: denial of service via malformed APE file
  - debian/patches/CVE-2011-2161.patch: make sure there are frames in
    libavformat/ape.c.
  - CVE-2011-2161
* SECURITY UPDATE: arbitrary code execution via malformed CAVS file
  - debian/patches/CVE-2011-3362.patch: validate values in
    libavcodec/cavsdec.c.
  - CVE-2011-3362

12. By Marc Deslauriers on 2011-04-06

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723

11. By Reinhard Tartler on 2010-03-04

* merge from 'main' package. Changes
  - build against faad, dirac, libopenjpeg, x264, mp3lame and xvidcore

10. By Reinhard Tartler on 2010-02-17

* tighten build dependency on new x264 package
* add libx264 wrapper backport for ffmpeg 0.5
* install presets in 'libavcodec package' instead of 'ffmpeg' binary,
  see git history for rationale of this change

9. By Reinhard Tartler on 2010-01-19

rebuild for ffmpeg versioned symbols

8. By Iain Lane on 2010-01-17

No-change rebuild against new dirac package synced from Debian

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/ffmpeg-extra
This branch contains Public information 
Everyone can see this information.

Subscribers