[ubuntu/jaunty-security] ffmpeg-debian, ffmpeg-debian (delayed) 3:0.svn20090303-1ubuntu6.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Apr 19 19:03:48 BST 2010


ffmpeg-debian (3:0.svn20090303-1ubuntu6.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Fix a multitude of security issues
    - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
      existence before assignment
    - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
      indexes
    - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
      value
    - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
      per-packet mode indexes and per-header mode mapping indexes
    - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
      index and subclass book index.
    - debian/patches/CVE-2009-46XX/security-issue08.patch: check
      res_setup->books
    - debian/patches/CVE-2009-46XX/security-issue09.patch: check
      begin/end/partition_size
    - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
      of channels & samplerate
    - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
      check
    - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
      for magnitude and angle
    - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
    - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
      against 0 too
    - debian/patches/CVE-2009-46XX/security-issue15.patch: fix
      init_get_bits() buffer size
    - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
      all memory allocations succeed
    - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
      buffer over-read in vorbis_comment
    - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
      0 to avoid having it uninitialized
    - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
      for ogg streams where no ogg header was found
    - debian/patches/CVE-2009-46XX/security-issue22.patch: check codec_id
      and codec_type, make sure priv_data is freed and codec is set to NULL
    - CVE-2009-4632
    - CVE-2009-4633
    - CVE-2009-4634
    - CVE-2009-4635
    - CVE-2009-4637
    - CVE-2009-4639
    - CVE-2009-4640

Date: Thu, 08 Apr 2010 09:12:45 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/ffmpeg-debian/3:0.svn20090303-1ubuntu6.1
-------------- next part --------------
Format: 1.8
Date: Thu, 08 Apr 2010 09:12:45 -0400
Source: ffmpeg-debian
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source
Version: 3:0.svn20090303-1ubuntu6.1
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 ffmpeg     - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec52 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavfilter-dev - development files for libavfilter
 libavfilter0 - ffmpeg video filtering library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil49 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Changes: 
 ffmpeg-debian (3:0.svn20090303-1ubuntu6.1) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: Fix a multitude of security issues
     - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
       existence before assignment
     - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
       indexes
     - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
       value
     - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
       per-packet mode indexes and per-header mode mapping indexes
     - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
       index and subclass book index.
     - debian/patches/CVE-2009-46XX/security-issue08.patch: check
       res_setup->books
     - debian/patches/CVE-2009-46XX/security-issue09.patch: check
       begin/end/partition_size
     - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
       of channels & samplerate
     - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
       check
     - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
       for magnitude and angle
     - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
     - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
       against 0 too
     - debian/patches/CVE-2009-46XX/security-issue15.patch: fix
       init_get_bits() buffer size
     - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
       all memory allocations succeed
     - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
       buffer over-read in vorbis_comment
     - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
       0 to avoid having it uninitialized
     - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
       for ogg streams where no ogg header was found
     - debian/patches/CVE-2009-46XX/security-issue22.patch: check codec_id
       and codec_type, make sure priv_data is freed and codec is set to NULL
     - CVE-2009-4632
     - CVE-2009-4633
     - CVE-2009-4634
     - CVE-2009-4635
     - CVE-2009-4637
     - CVE-2009-4639
     - CVE-2009-4640
Checksums-Sha1: 
 67b43bf3bd6dc7d4c073b5f0a745c824e62e14d6 2274 ffmpeg-debian_0.svn20090303-1ubuntu6.1.dsc
 bbbda4bc92afcfcd6aad06457698c3700bdfa1d9 36802 ffmpeg-debian_0.svn20090303-1ubuntu6.1.diff.gz
Checksums-Sha256: 
 f2592225bacb66315263f0fc5907069fc7a35992156114da5db098490d202c87 2274 ffmpeg-debian_0.svn20090303-1ubuntu6.1.dsc
 1af7c0aef73fa8f995b9495510ad2083a83b5529f9f46d4b309be70ed60791b3 36802 ffmpeg-debian_0.svn20090303-1ubuntu6.1.diff.gz
Files: 
 7cd8257af686257eeb3dc4899ead5485 2274 libs optional ffmpeg-debian_0.svn20090303-1ubuntu6.1.dsc
 e33208eef1c16818c14cb2438c2f76bb 36802 libs optional ffmpeg-debian_0.svn20090303-1ubuntu6.1.diff.gz
Original-Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>

