[ubuntu/karmic-security] ffmpeg (delayed), ffmpeg 4:0.5+svn20090706-2ubuntu2.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Apr 4 17:17:00 UTC 2011 

ffmpeg (4:0.5+svn20090706-2ubuntu2.3) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted flic file
    - debian/patches/CVE-2010-3429.patch: add checks to
      libavcodec/flicvideo.c.
    - CVE-2010-3429
  * SECURITY UPDATE: arbitrary code execution via crafted wmv file
    (LP: #690169)
    - debian/patches/CVE-2010-3908.patch: properly calculate size in
      libavcodec/utils.c.
    - CVE-2010-3908
  * SECURITY UPDATE: denial of service via crafted .ogg file
    - debian/patches/CVE-2010-4704.patch: validate codebook in
      libavcodec/vorbis_dec.c.
    - CVE-2010-4704
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted WebM file
    - debian/patches/CVE-2011-0480.patch: check rangebits in
      libavcodec/vorbis_dec.c.
    - CVE-2011-0480
  * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
    (LP: #690169)
    - debian/patches/CVE-2011-0722.patch: set dimensions in
      libavcodec/rv34.c.
    - CVE-2011-0722
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted VC1 file (LP: #690169)
    - debian/patches/CVE-2011-0723.patch: fix invalid reads in
      libavcodec/vc1dec.c.
    - CVE-2011-0723

Date: Thu, 31 Mar 2011 13:39:29 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/ffmpeg/4:0.5+svn20090706-2ubuntu2.3
-------------- next part --------------
Format: 1.8
Date: Thu, 31 Mar 2011 13:39:29 -0400
Source: ffmpeg
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source
Version: 4:0.5+svn20090706-2ubuntu2.3
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 ffmpeg     - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec52 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavfilter-dev - development files for libavfilter
 libavfilter0 - ffmpeg video filtering library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil49 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Changes: 
 ffmpeg (4:0.5+svn20090706-2ubuntu2.3) karmic-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted flic file
     - debian/patches/CVE-2010-3429.patch: add checks to
       libavcodec/flicvideo.c.
     - CVE-2010-3429
   * SECURITY UPDATE: arbitrary code execution via crafted wmv file
     (LP: #690169)
     - debian/patches/CVE-2010-3908.patch: properly calculate size in
       libavcodec/utils.c.
     - CVE-2010-3908
   * SECURITY UPDATE: denial of service via crafted .ogg file
     - debian/patches/CVE-2010-4704.patch: validate codebook in
       libavcodec/vorbis_dec.c.
     - CVE-2010-4704
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted WebM file
     - debian/patches/CVE-2011-0480.patch: check rangebits in
       libavcodec/vorbis_dec.c.
     - CVE-2011-0480
   * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
     (LP: #690169)
     - debian/patches/CVE-2011-0722.patch: set dimensions in
       libavcodec/rv34.c.
     - CVE-2011-0722
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted VC1 file (LP: #690169)
     - debian/patches/CVE-2011-0723.patch: fix invalid reads in
       libavcodec/vc1dec.c.
     - CVE-2011-0723
Checksums-Sha1: 
 5250d6316b8f588ea1858ec004f717c13a19b40f 2953 ffmpeg_0.5+svn20090706-2ubuntu2.3.dsc
 78838b15bcaf068fd344652c018ab41fdb647029 111300 ffmpeg_0.5+svn20090706-2ubuntu2.3.diff.gz
Checksums-Sha256: 
 a34d01762142ca1d087893c0f150783c52b79988d260ff39c5384982073b413a 2953 ffmpeg_0.5+svn20090706-2ubuntu2.3.dsc
 8a7415ba67aa8be239b34bbffc9a8119c918dc8de632dce4efc8fd8135108b7c 111300 ffmpeg_0.5+svn20090706-2ubuntu2.3.diff.gz
Files: 
 5f1e3e832d294af39c41e7464c081d9a 2953 libs optional ffmpeg_0.5+svn20090706-2ubuntu2.3.dsc
 4a7279d5e5adeeab99c8956309fc12a8 111300 libs optional ffmpeg_0.5+svn20090706-2ubuntu2.3.diff.gz
Launchpad-Bugs-Fixed: 690169 690169 690169
Original-Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>

More information about the Karmic-changes mailing list