lp:ubuntu/trusty-security/libav

Created by Ubuntu Package Importer on 2014-05-09 and last modified on 2016-12-08
Get this branch:
bzr branch lp:ubuntu/trusty-security/libav
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

47. By Marc Deslauriers on 2016-12-07

* SECURITY UPDATE: Updated to 9.20 to fix various crashes with
  invalid-free, corrupted double-linked list or out-of-bounds read
  (LP: #1643467)
  - No CVE number

46. By Marc Deslauriers on 2015-03-16

* Update to 9.18 to fix multiple security issues (LP: #1432610,
  LP: #1370175)
  - CVE-2013-7020
  - CVE-2014-8542
  - CVE-2014-8543
  - CVE-2014-8544
  - CVE-2014-8547
  - CVE-2014-8548
  - CVE-2014-9604

45. By Reinhard Tartler on 2014-08-09

* New upstream release 9.14:
  - vp3: Copy all 3 frames for thread updates (CVE-2011-3934)
  - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263)
  - mpegts: Define the section length with a constant
  - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860)
  - svq1: do not modify the input packet
  - cdgraphics: do not return 0 from the decode function
  - cdgraphics: switch to bytestream2 (CVE-2013-3674)
  - huffyuvdec: check width size for yuv422p (CVE-2013-0848)
  - mmvideo: check horizontal coordinate too (CVE-2013-3672)
  - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098)
  - lavc: Check the image size before calling get_buffer (CVE-2011-3935)
  - huffyuv: Check and propagate function return values (CVE-2013-0868)
  - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946)
  - h264_sei: check SEI size
  - pgssubdec: Check RLE size before copying (CVE-2013-0852)
  - fate: Add dependencies for dct/fft/mdct/rdft tests
  - video4linux2: Avoid a floating point exception
  - vf_select: Drop a debug av_log with an unchecked double to enum conversion
  - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851)

44. By Reinhard Tartler on 2014-07-12

* New upstream release 9.14:
  - Many security fixes issues LP: #1341216
  - adpcm: Write the proper predictor in trellis mode in IMA QT
  - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder
  - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705)
  - Check if an mp3 header is using a reserved sample rate
  - lzo: Handle integer overflow (bug/704)
  - avconv: make -shortest work with streamcopy
* Drop broken dpkg-maintscript, LP: #1315672

43. By Reinhard Tartler on 2014-05-04

* Merge from unstable, remaining changes:
  - build-depend on libtiff5-dev rather than libtiff4-dev,
    avoids FTBFS caused by imlib
* New upstream release 9.13:
  - Many security fixes issues LP: #1277173
  - swscale: Fix an undefined behaviour
  - matroska: add the Opus mapping
  - mp3enc: Properly write bitrate value in XING header (Closes: #736088)
  - origin/pu/9 oggdec: add support for Opus in Ogg demuxing
    (Fixes: libav/603, Closes: #720563)
  - apedec: do not buffer decoded samples over AVPackets (Closes: #744901)
  - isom: lpcm in mov default to big endian
  - movdec: handle 0x7fff langcode as macintosh per the specs
  - h264: reset next_output_pic earlier in start_frame()
    (Fixes: libav/672, Closes: #741240, LP: #1288206)
  - rtmpproto: Make sure to pass on the error code if read_connect failed
  - lavr: allocate the resampling buffer with a positive size
  - tiffdec: use bytestream2 to simplify overread/overwrite protection
  - resample: fix avresample_get_delay() return value
  - avi: Improve non-interleaved detection (Fixes: libav/666)
  - af_channelmap: fix ONE_STR mapping mode
  - movenc: allow override of "writing application" tag
  - matroskaenc: allow override of "writing application" tag
  - avfilter: Add missing emms_c when needed
  - build: Use pkg-config for openjpeg (Fixes: libav/387)
  - mpeg12: check scantable indices in all decode_block functions
  - sgidec: fix buffer size check in expand_rle_row()
  - adx: check that the offset is not negative
  - mpegvideo: set reference/pict_type on generated reference frames
  - h264: Fix various crashes found in samples pointed by Mateusz
  "j00ru" Jurczyk and Gynvael Coldwind - Thanks!
* Rebuild is reported to fix vaapi, Closes: #745655
* Fix invocation of dpkg-maintscript helper, LP: #1315672
* cleanup leftovers of the former libav-source package
* Simplify listing packages with dh_listpackage
* Drop transitional arch:all -extra- packages
* Bump standards version to 3.9.5, no changes needed

42. By Matthias Klose on 2014-03-24

No-change rebuild for x264 soname bump.

41. By Reinhard Tartler on 2014-03-02

* Merge from unstable, remaining changes:
  - build-depend on libtiff5-dev rather than libtiff4-dev,
    avoids FTBFS caused by imlib
* This version of libav supports Opus in Ogg (LP: #1265196)

40. By Dimitri John Ledkov on 2013-12-23

Drop build-deps arch restriction for libav, bootstrap complete.

39. By Dimitri John Ledkov on 2013-12-23

Disable altivec optimization for all build flavours on ppc64*.

38. By Dimitri John Ledkov on 2013-12-23

Build altivec flavor on powerpc only.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/utopic/libav
This branch contains Public information 
Everyone can see this information.

Subscribers