[ubuntu/karmic-security] ffmpeg-extra, ffmpeg-extra (delayed) 4:0.5+svn20090706-2ubuntu3.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Apr 11 13:04:39 UTC 2011
ffmpeg-extra (4:0.5+svn20090706-2ubuntu3.1) karmic-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted flic file
- debian/patches/CVE-2010-3429.patch: add checks to
libavcodec/flicvideo.c.
- CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
(LP: #690169)
- debian/patches/CVE-2010-3908.patch: properly calculate size in
libavcodec/utils.c.
- CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
- debian/patches/CVE-2010-4704.patch: validate codebook in
libavcodec/vorbis_dec.c.
- CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
crafted WebM file
- debian/patches/CVE-2011-0480.patch: check rangebits in
libavcodec/vorbis_dec.c.
- CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
(LP: #690169)
- debian/patches/CVE-2011-0722.patch: set dimensions in
libavcodec/rv34.c.
- CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
crafted VC1 file (LP: #690169)
- debian/patches/CVE-2011-0723.patch: fix invalid reads in
libavcodec/vc1dec.c.
- CVE-2011-0723
* SECURITY UPDATE: Fix a multitude of security issues
- debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
existence before assignment
- debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
indexes
- debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
value
- debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
per-packet mode indexes and per-header mode mapping indexes
- debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
index and subclass book index.
- debian/patches/CVE-2009-46XX/security-issue08.patch: check
res_setup->books
- debian/patches/CVE-2009-46XX/security-issue09.patch: check
begin/end/partition_size
- debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
of channels & samplerate
- debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
check
- debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
for magnitude and angle
- debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
- debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
against 0 too
- debian/patches/CVE-2009-46XX/security-issue15.patch: fix
init_get_bits() buffer size
- debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
all memory allocations succeed
- debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
buffer over-read in vorbis_comment
- debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
0 to avoid having it uninitialized
- debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
for ogg streams where no ogg header was found
- CVE-2009-4632
- CVE-2009-4633
- CVE-2009-4634
- CVE-2009-4635
- CVE-2009-4637
- CVE-2009-4639
- CVE-2009-4640
Date: Tue, 05 Apr 2011 19:09:22 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/ffmpeg-extra/4:0.5+svn20090706-2ubuntu3.1
-------------- next part --------------
Format: 1.8
Date: Tue, 05 Apr 2011 19:09:22 -0400
Source: ffmpeg-extra
Binary: libavutil-extra-49 libavutil-unstripped-49 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-0 libavfilter-unstripped-0 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0
Architecture: source
Version: 4:0.5+svn20090706-2ubuntu3.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libavcodec-extra-52 - ffmpeg codec library
libavcodec-unstripped-52 - ffmpeg utility library - transitional package
libavdevice-extra-52 - ffmpeg device handling library
libavdevice-unstripped-52 - ffmpeg utility library - transitional package
libavfilter-extra-0 - ffmpeg video filtering library
libavfilter-unstripped-0 - ffmpeg utility library - transitional package
libavformat-extra-52 - ffmpeg file format library
libavformat-unstripped-52 - ffmpeg utility library - transitional package
libavutil-extra-49 - ffmpeg utility library
libavutil-unstripped-49 - ffmpeg utility library - transitional package
libpostproc-extra-51 - ffmpeg video postprocessing library
libpostproc-unstripped-51 - ffmpeg utility library - transitional package
libswscale-extra-0 - ffmpeg video scaling library
libswscale-unstripped-0 - ffmpeg utility library - transitional package
Changes:
ffmpeg-extra (4:0.5+svn20090706-2ubuntu3.1) karmic-security; urgency=low
.
* SECURITY UPDATE: arbitrary code execution via crafted flic file
- debian/patches/CVE-2010-3429.patch: add checks to
libavcodec/flicvideo.c.
- CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
(LP: #690169)
- debian/patches/CVE-2010-3908.patch: properly calculate size in
libavcodec/utils.c.
- CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
- debian/patches/CVE-2010-4704.patch: validate codebook in
libavcodec/vorbis_dec.c.
- CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
crafted WebM file
- debian/patches/CVE-2011-0480.patch: check rangebits in
libavcodec/vorbis_dec.c.
- CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
(LP: #690169)
- debian/patches/CVE-2011-0722.patch: set dimensions in
libavcodec/rv34.c.
- CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
crafted VC1 file (LP: #690169)
- debian/patches/CVE-2011-0723.patch: fix invalid reads in
libavcodec/vc1dec.c.
- CVE-2011-0723
* SECURITY UPDATE: Fix a multitude of security issues
- debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
existence before assignment
- debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
indexes
- debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
value
- debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
per-packet mode indexes and per-header mode mapping indexes
- debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
index and subclass book index.
- debian/patches/CVE-2009-46XX/security-issue08.patch: check
res_setup->books
- debian/patches/CVE-2009-46XX/security-issue09.patch: check
begin/end/partition_size
- debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
of channels & samplerate
- debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
check
- debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
for magnitude and angle
- debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
- debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
against 0 too
- debian/patches/CVE-2009-46XX/security-issue15.patch: fix
init_get_bits() buffer size
- debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
all memory allocations succeed
- debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
buffer over-read in vorbis_comment
- debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
0 to avoid having it uninitialized
- debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
for ogg streams where no ogg header was found
- CVE-2009-4632
- CVE-2009-4633
- CVE-2009-4634
- CVE-2009-4635
- CVE-2009-4637
- CVE-2009-4639
- CVE-2009-4640
Checksums-Sha1:
6c9e56bb7ca2666208b0a32ec87174903be90608 3305 ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.dsc
934bd88511af73c37d68733da4ffd1cd840585b6 112328 ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.diff.gz
Checksums-Sha256:
9088203392130449809fc76bebba09e181a29303ff244dc42fda07528de04bce 3305 ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.dsc
18305c83fb21b2f22338afca778c40b552625c3f217d321747c4e2d5de92d146 112328 ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.diff.gz
Files:
f7e0715f032dbb19a800051c449205be 3305 libs optional ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.dsc
90f057fb16fe9e93a86b11a616ad5f71 112328 libs optional ffmpeg-extra_0.5+svn20090706-2ubuntu3.1.diff.gz
Launchpad-Bugs-Fixed: 690169 690169 690169
Original-Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>
More information about the Karmic-changes
mailing list