lp:ubuntu/precise-security/libav

Created by Ubuntu Package Importer on 2012-06-18 and last modified on 2016-04-01
Get this branch:
bzr branch lp:ubuntu/precise-security/libav
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

32. By Marc Deslauriers on 2016-04-01

* SECURITY UPDATE: invalid memory access via crafted MJPEG data
  - debian/patches/CVE-2014-8541.patch: check for pixel format changes in
    libavcodec/mjpegdec.c.
  - CVE-2014-8541
* SECURITY UPDATE: out of array access in ff_mjpeg_decode_sof
  - debian/patches/CVE-2015-1872.patch: check number of components in
    libavcodec/mjpegdec.c.
  - CVE-2015-1872
* SECURITY UPDATE: out of bounds array access in msrle_decode_pal4
  - debian/patches/CVE-2015-3395.patch: determine frame size in
    libavcodec/msrledec.c.
  - CVE-2015-3395
* SECURITY UPDATE: size issue in ff_h263_decode_picture_header
  - debian/patches/CVE-2015-5479.patch: check both dimensions in
    libavcodec/ituh263dec.c.
  - CVE-2015-5479
* SECURITY UPDATE: out of bounds array access in decode_ihdr_chunk
  - debian/patches/CVE-2015-6818.patch: only allow one IHDR chunk in
    libavcodec/pngdec.c.
  - CVE-2015-6818
* SECURITY UPDATE: out of bounds array access in ff_sbr_apply
  - debian/patches/CVE-2015-6820.patch: check that the element type
    matches in libavcodec/aacsbr.c, libavcodec/sbr.h.
  - CVE-2015-6820
* SECURITY UPDATE: uninitialized memory access in sws_init_context
  - debian/patches/CVE-2015-6824.patch: clear buffers in
    libswscale/utils.c
  - CVE-2015-6824
* SECURITY UPDATE: invalid pointer use in ff_rv34_decode_init_thread_copy
  - debian/patches/CVE-2015-6826.patch: clear pointers in
    libavcodec/rv34.c.
  - CVE-2015-6826
* SECURITY UPDATE: integer overflow in ff_ivi_init_planes
  - debian/patches/CVE-2015-8364.patch: check image dimensions in
    libavcodec/ivi_common.c.
  - CVE-2015-8364
* SECURITY UPDATE: out of bounds array access in smka_decode_frame
  - debian/patches/CVE-2015-8365.patch: validate data size in
    libavcodec/smacker.c.
  - CVE-2015-8365
* SECURITY UPDATE: cross-origin attack and arbitrary file read via the
  concat protocol
  - debian/confflags: disable concat protocol.
  - CVE-2016-1897
  - CVE-2016-1898
* SECURITY UPDATE: integer overflow in asf_write_packet
  - debian/patches/CVE-2016-2326.patch: check pts in
    libavformat/asfenc.c.
  - CVE-2016-2326
* SECURITY UPDATE: out of bounds array access via tga file
  - debian/patches/CVE-2016-2330.patch: fix lzw buffer size in
    libavcodec/gif.c.
  - CVE-2016-2330

31. By Marc Deslauriers on 2015-03-16

* Update to 0.8.17 to fix multiple security issues (LP: #1432610)
  - CVE-2014-8542
  - CVE-2014-8543
  - CVE-2014-8544
  - CVE-2014-8547
  - CVE-2014-8548
  - CVE-2014-9604

30. By Marc Deslauriers on 2014-09-16

* Update to 0.8.16 to fix multiple security issues (LP: #1370175)
* debian/patches/fix_ftbfs_ff_get_buffer.patch: dropped, no longer
  needed.
* debian/patches/04-ffmpeg-warning-change.patch: dropped, no longer
  needed.

29. By Marc Deslauriers on 2014-08-10

* Update to 0.8.15 to fix multiple security issues (LP: #1354755)
* debian/patches/fix_ftbfs_ff_get_buffer.patch: Add more missing
  #includes for ff_get_buffer() to fix ftbfs.

28. By Marc Deslauriers on 2014-07-15

Update to 0.8.13 to fix multiple security issues (LP: #1341216)

27. By Marc Deslauriers on 2014-06-10

* SECURITY UPDATE: Update to 0.8.12 to fix multiple security issues
  - CVE-2014-3984

26. By Marc Deslauriers on 2014-02-06

Update to 0.8.10 to fix multiple security issues (LP: #1277173)

25. By Marc Deslauriers on 2013-11-09

Update to 0.8.9 to fix multiple security issues (LP: #1249621)

24. By Marc Deslauriers on 2013-10-21

Update to 0.8.8 to fix multiple security issues (LP: #1242802)

23. By Marc Deslauriers on 2013-04-02

* Update to 0.8.6 to fix multiple security issues. (LP: #1163354)
  - CVE-2013-0894
  - CVE-2013-2277
  - CVE-2013-2495
  - CVE-2013-2496

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/quantal/libav
This branch contains Public information 
Everyone can see this information.

Subscribers