lp:ubuntu/oneiric-security/libav
- Get this branch:
- bzr branch lp:ubuntu/oneiric-security/libav
Branch merges
Branch information
Recent revisions
- 17. By Marc Deslauriers
-
* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
- debian/patches/ CVE-2012- 2783.patch: release frames on error in
libavcodec/vp56.c.
- CVE-2012-2783
* SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
- debian/patches/ CVE-2012- 2791.patch: check that scan pattern is set
before using it in libavcodec/ivi_common. c.
- CVE-2012-2791
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
- debian/patches/ CVE-2012- 2803.patch: do not decode extradata more than
once in libavcodec/mpeg12. c.
- CVE-2012-2803
* SECURITY UPDATE: issue in AAC decoding
- debian/patches/ CVE-2012- 5144.patch: fix off-by-one in
libavcodec/aacdec. c.
- CVE-2012-5144 - 16. By Marc Deslauriers
-
* SECURITY UPDATE: unspecified security issue in ff_rv34_
decode_ frame
- debian/patches/ CVE-2012- 2772.patch: error out on size changes with
frame threading in libavcodec/rv34.c.
- CVE-2012-2772
* SECURITY UPDATE: out of array write in quant_cof
- debian/patches/ CVE-2012- 2775.patch: check opt_order in
libavcodec/alsdec. c.
- CVE-2012-2775
* SECURITY UPDATE: security issues in decode_pic
- debian/patches/ CVE-2012- 2777-2784. patch: prevent changing w/h in
libavcodec/cavsdec. c.
- CVE-2012-2777
- CVE-2012-2784
* SECURITY UPDATE: unspecified vulnerability in the decode_frame
- debian/patches/ CVE-2012- 2779.patch: prevent decoding happening on a
half initialized context in libavcodec/indeo5. c.
- CVE-2012-2779
* SECURITY UPDATE: out of array write in the decode_wdlt function
- debian/patches/ CVE-2012- 2786.patch: check frame_end in
libavcodec/dfa.c.
- CVE-2012-2786
* SECURITY UPDATE: out of array read in avi_read_packet function
- debian/patches/ CVE-2012- 2788.patch: use accurate size in
libavformat/avidec. c.
- CVE-2012-2788
* SECURITY UPDATE: unspecified vulnerability in avi_read_packet
- debian/patches/ CVE-2012- 2789.patch: check num_vec_coeffs for validity
in libavcodec/wmaprodec. c.
- CVE-2012-2789
* SECURITY UPDATE: unspecified vulnerability in read_var_block_data
- debian/patches/ CVE-2012- 2790.patch: fix number of decoded samples in
libavcodec/alsdec. c.
- CVE-2012-2790
* SECURITY UPDATE: unspecified vulnerability in lag_decode_zero_run_ line
- debian/patches/ CVE-2012- 2793.patch: check count before writing zeros
in libavcodec/lagarith. c.
- CVE-2012-2793
* SECURITY UPDATE: unspecified vulnerability in decode_mb_info
- debian/patches/ CVE-2012- 2794.patch: check tile size in
libavcodec/indeo5. c.
- CVE-2012-2794
* SECURITY UPDATE: out of array write in decode_dds1
- debian/patches/ CVE-2012- 2798.patch: fix length check in
libavcodec/dfa.c.
- CVE-2012-2798
* SECURITY UPDATE: unspecified vulnerability in ff_ivi_process_ empty_tile
- debian/patches/ CVE-2012- 2800.patch: check tile sizes in
libavcodec/ivi_common. *, libavcodec/ indeo5. c.
- CVE-2012-2800
* SECURITY UPDATE: out of array writes in avs.c
- debian/patches/ CVE-2012- 2801.patch: force dimensions in
libavcodec/avs.c.
- CVE-2012-2801 - 15. By Marc Deslauriers
-
* Update to 0.7.6 to fix multiple security issues. (LP: #1012132)
- CVE-2011-3929
- CVE-2011-3936
- CVE-2011-3940
- CVE-2011-3945
- CVE-2011-3947
- CVE-2011-3951
- CVE-2011-3952
- CVE-2011-4031
- CVE-2012-0848
- CVE-2012-0850
- CVE-2012-0851
- CVE-2012-0852
- CVE-2012-0853
- CVE-2012-0858
- CVE-2012-0859
- CVE-2012-0947 - 14. By Marc Deslauriers
-
* Update to 0.7.3 to fix multiple security issues (LP: #911811):
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing QDM2 stream
- CVE-2011-4351
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP3 stream
- CVE-2011-4352
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP5 or VP6 streams
- CVE-2011-4353
- SECURITY UPDATE: denial of service and possible code execution via
malformed VMD file
- CVE-2011-4364
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing svq1 stream
- CVE-2011-4579 - 13. By Reinhard Tartler
-
* Merge from debian, remaining changes:
- don't build against libfaad, libdirac, librtmp and libopenjpeg,
lame, xvid, x264 (all in universe)
- not installing into multiarch directories
* This new upstream release has basically merged in all 70 patches that
are present in 4:0.7.1-7ubuntu2, plus some additional, similarily
focused ones. - 11. By Reinhard Tartler
-
* Merge from debian/unstable
- don't build against libfaad, libdirac, librtmp and libopenjpeg,
lame, xvid, x264 (all in universe)
* Drop extra conflicts on libswscale-extra-1 - 9. By Reinhard Tartler
-
relax dependencies in the shlibs file to accomodate the new versioning
scheme in libav-extra. Fixes LP: #818619 - 8. By Reinhard Tartler
-
* Merge from debian/unstable
- don't build against libfaad, libdirac, librtmp and libopenjpeg
(all in universe)
- Extra conflicts on libswscale-extra-1 (can be dropped after natty release)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/libav