lp:ubuntu/oneiric-security/libav

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric-security/libav

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

17. By Marc Deslauriers

* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
  - debian/patches/CVE-2012-2791.patch: check that scan pattern is set
    before using it in libavcodec/ivi_common.c.
  - CVE-2012-2791
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803
* SECURITY UPDATE: issue in AAC decoding
  - debian/patches/CVE-2012-5144.patch: fix off-by-one in
    libavcodec/aacdec.c.
  - CVE-2012-5144

16. By Marc Deslauriers

* SECURITY UPDATE: unspecified security issue in ff_rv34_decode_frame
  - debian/patches/CVE-2012-2772.patch: error out on size changes with
    frame threading in libavcodec/rv34.c.
  - CVE-2012-2772
* SECURITY UPDATE: out of array write in quant_cof
  - debian/patches/CVE-2012-2775.patch: check opt_order in
    libavcodec/alsdec.c.
  - CVE-2012-2775
* SECURITY UPDATE: security issues in decode_pic
  - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
    libavcodec/cavsdec.c.
  - CVE-2012-2777
  - CVE-2012-2784
* SECURITY UPDATE: unspecified vulnerability in the decode_frame
  - debian/patches/CVE-2012-2779.patch: prevent decoding happening on a
    half initialized context in libavcodec/indeo5.c.
  - CVE-2012-2779
* SECURITY UPDATE: out of array write in the decode_wdlt function
  - debian/patches/CVE-2012-2786.patch: check frame_end in
    libavcodec/dfa.c.
  - CVE-2012-2786
* SECURITY UPDATE: out of array read in avi_read_packet function
  - debian/patches/CVE-2012-2788.patch: use accurate size in
    libavformat/avidec.c.
  - CVE-2012-2788
* SECURITY UPDATE: unspecified vulnerability in avi_read_packet
  - debian/patches/CVE-2012-2789.patch: check num_vec_coeffs for validity
    in libavcodec/wmaprodec.c.
  - CVE-2012-2789
* SECURITY UPDATE: unspecified vulnerability in read_var_block_data
  - debian/patches/CVE-2012-2790.patch: fix number of decoded samples in
    libavcodec/alsdec.c.
  - CVE-2012-2790
* SECURITY UPDATE: unspecified vulnerability in lag_decode_zero_run_line
  - debian/patches/CVE-2012-2793.patch: check count before writing zeros
    in libavcodec/lagarith.c.
  - CVE-2012-2793
* SECURITY UPDATE: unspecified vulnerability in decode_mb_info
  - debian/patches/CVE-2012-2794.patch: check tile size in
    libavcodec/indeo5.c.
  - CVE-2012-2794
* SECURITY UPDATE: out of array write in decode_dds1
  - debian/patches/CVE-2012-2798.patch: fix length check in
    libavcodec/dfa.c.
  - CVE-2012-2798
* SECURITY UPDATE: unspecified vulnerability in ff_ivi_process_empty_tile
  - debian/patches/CVE-2012-2800.patch: check tile sizes in
    libavcodec/ivi_common.*, libavcodec/indeo5.c.
  - CVE-2012-2800
* SECURITY UPDATE: out of array writes in avs.c
  - debian/patches/CVE-2012-2801.patch: force dimensions in
    libavcodec/avs.c.
  - CVE-2012-2801

15. By Marc Deslauriers

* Update to 0.7.6 to fix multiple security issues. (LP: #1012132)
  - CVE-2011-3929
  - CVE-2011-3936
  - CVE-2011-3940
  - CVE-2011-3945
  - CVE-2011-3947
  - CVE-2011-3951
  - CVE-2011-3952
  - CVE-2011-4031
  - CVE-2012-0848
  - CVE-2012-0850
  - CVE-2012-0851
  - CVE-2012-0852
  - CVE-2012-0853
  - CVE-2012-0858
  - CVE-2012-0859
  - CVE-2012-0947

14. By Marc Deslauriers

* Update to 0.7.3 to fix multiple security issues (LP: #911811):
  - SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing QDM2 stream
    - CVE-2011-4351
  - SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP3 stream
    - CVE-2011-4352
  - SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP5 or VP6 streams
    - CVE-2011-4353
  - SECURITY UPDATE: denial of service and possible code execution via
    malformed VMD file
    - CVE-2011-4364
  - SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing svq1 stream
    - CVE-2011-4579

13. By Reinhard Tartler

* Merge from debian, remaining changes:
  - don't build against libfaad, libdirac, librtmp and libopenjpeg,
    lame, xvid, x264 (all in universe)
  - not installing into multiarch directories
* This new upstream release has basically merged in all 70 patches that
  are present in 4:0.7.1-7ubuntu2, plus some additional, similarly
  focused ones.

12. By Reinhard Tartler

Revert "Convert package to include multiarch support."

11. By Reinhard Tartler

* Merge from debian/unstable
  - don't build against libfaad, libdirac, librtmp and libopenjpeg,
    lame, xvid, x264 (all in universe)
* Drop extra conflicts on libswscale-extra-1

10. By Reinhard Tartler

libswscale-dev: fix alternate on libswscale-extra-2, Fixes LP: #829857

9. By Reinhard Tartler

relax dependencies in the shlibs file to accommodate the new versioning
scheme in libav-extra. Fixes LP: #818619

8. By Reinhard Tartler

* Merge from debian/unstable
  - don't build against libfaad, libdirac, librtmp and libopenjpeg
    (all in universe)
  - Extra conflicts on libswscale-extra-1 (can be dropped after natty release)

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/precise/libav