lp:ubuntu/lucid-security/ffmpeg

Created by James Westby on 2011-04-04 and last modified on 2013-01-28
Get this branch:
bzr branch lp:ubuntu/lucid-security/ffmpeg
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

48. By Marc Deslauriers on 2013-01-24

* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803

47. By Marc Deslauriers on 2012-12-18

* SECURITY UPDATE: security issues in decode_pic
  - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
    libavcodec/cavsdec.c.
  - CVE-2012-2777
  - CVE-2012-2784
* SECURITY UPDATE: out of array read in avi_read_packet function
  - debian/patches/CVE-2012-2788.patch: use accurate size in
    libavformat/avidec.c.
  - CVE-2012-2788
* SECURITY UPDATE: out of array writes in avs.c
  - debian/patches/CVE-2012-2801.patch: force dimensions in
    libavcodec/avs.c.
  - CVE-2012-2801

46. By Marc Deslauriers on 2012-06-12

* SECURITY UPDATE: Updated to libav 0.5.9 to fix multiple security
  issues. (LP: #1012132)
  - CVE-2011-3929
  - CVE-2011-3936
  - CVE-2011-3940
  - CVE-2011-3947
  - CVE-2011-3951
  - CVE-2011-3952
  - CVE-2012-0851
  - CVE-2012-0852
  - CVE-2012-0853
  - CVE-2012-0858
  - CVE-2012-0859
  - CVE-2012-0947
* Removed upstreamed patches:
  - CVE-2010-3429.patch
  - CVE-2010-3908.patch
  - CVE-2010-4704.patch
  - CVE-2011-0480.patch
  - CVE-2011-0722.patch
  - CVE-2011-0723.patch
  - CVE-2011-2161.patch
  - CVE-2011-3362.patch
  - CVE-2011-3504.patch
  - CVE-2011-4351.patch
  - CVE-2011-4353.patch
  - CVE-2011-4364.patch
  - CVE-2011-4579.patch

45. By Marc Deslauriers on 2011-12-21

* SECURITY UPDATE: denial of service and possible code execution via
  malformed Matroska file
  - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
    in libavformat/matroskadec.c.
  - CVE-2011-3504
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing QDM2 stream
  - debian/patches/CVE-2011-4351.patch: check boundaries in
    libavcodec/qdm2.c.
  - CVE-2011-4351
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing VP5 or VP6 streams
  - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
    and libavcodec/vp6.c.
  - CVE-2011-4353
* SECURITY UPDATE: denial of service and possible code execution via
  malformed VMD file
  - debian/patches/CVE-2011-4364.patch: properly check lengths in
    libavcodec/vmdav.c.
  - CVE-2011-4364
* SECURITY UPDATE: denial of service and possible code execution via
  malformed file containing svq1 stream
  - debian/patches/CVE-2011-4579.patch: set dimensions after they have
    changed in libavcodec/svq1dec.c.
  - CVE-2011-4579

44. By Marc Deslauriers on 2011-09-16

* SECURITY UPDATE: denial of service via malformed APE file
  - debian/patches/CVE-2011-2161.patch: make sure there are frames in
    libavformat/ape.c.
  - CVE-2011-2161
* SECURITY UPDATE: arbitrary code execution via malformed CAVS file
  - debian/patches/CVE-2011-3362.patch: validate values in
    libavcodec/cavsdec.c.
  - CVE-2011-3362

43. By Marc Deslauriers on 2011-03-31

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723

42. By Reinhard Tartler on 2010-03-04

* merge from debian. remaining changes:
  - don't disable encoders
  - don't build against libfaad, libdirac and libopenjpeg (all in universe)

41. By Reinhard Tartler on 2010-02-17

* tighten build dependency on new x264 package
* add x264 backport for ffmpeg 0.5
* install presets in 'libavcodec package' instead of 'ffmpeg' binary,
  see git history for rationale of this change

40. By Reinhard Tartler on 2010-01-16

* merge from debian, remaining changes:
  - dont disable internal encoders
  - disabled extra depedencies (come with ffmpeg-extra)
     - libdirac
     - libopenjpeg

39. By Reinhard Tartler on 2009-12-21

add build dependency on 'yasm', since it is now moved to main.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/ffmpeg
This branch contains Public information 
Everyone can see this information.

Subscribers