[ubuntu/lucid-security] ffmpeg (delayed), ffmpeg 4:0.5.1-1ubuntu1.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Apr 4 17:16:21 UTC 2011 

ffmpeg (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted flic file
    - debian/patches/CVE-2010-3429.patch: add checks to
      libavcodec/flicvideo.c.
    - CVE-2010-3429
  * SECURITY UPDATE: arbitrary code execution via crafted wmv file
    (LP: #690169)
    - debian/patches/CVE-2010-3908.patch: properly calculate size in
      libavcodec/utils.c.
    - CVE-2010-3908
  * SECURITY UPDATE: denial of service via crafted .ogg file
    - debian/patches/CVE-2010-4704.patch: validate codebook in
      libavcodec/vorbis_dec.c.
    - CVE-2010-4704
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted WebM file
    - debian/patches/CVE-2011-0480.patch: check rangebits in
      libavcodec/vorbis_dec.c.
    - CVE-2011-0480
  * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
    (LP: #690169)
    - debian/patches/CVE-2011-0722.patch: set dimensions in
      libavcodec/rv34.c.
    - CVE-2011-0722
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted VC1 file (LP: #690169)
    - debian/patches/CVE-2011-0723.patch: fix invalid reads in
      libavcodec/vc1dec.c.
    - CVE-2011-0723

Date: Thu, 31 Mar 2011 10:59:31 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/ffmpeg/4:0.5.1-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Thu, 31 Mar 2011 10:59:31 -0400
Source: ffmpeg
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source
Version: 4:0.5.1-1ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 ffmpeg     - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec52 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavfilter-dev - development files for libavfilter
 libavfilter0 - ffmpeg video filtering library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil49 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Launchpad-Bugs-Fixed: 690169 690169 690169
Changes: 
 ffmpeg (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted flic file
     - debian/patches/CVE-2010-3429.patch: add checks to
       libavcodec/flicvideo.c.
     - CVE-2010-3429
   * SECURITY UPDATE: arbitrary code execution via crafted wmv file
     (LP: #690169)
     - debian/patches/CVE-2010-3908.patch: properly calculate size in
       libavcodec/utils.c.
     - CVE-2010-3908
   * SECURITY UPDATE: denial of service via crafted .ogg file
     - debian/patches/CVE-2010-4704.patch: validate codebook in
       libavcodec/vorbis_dec.c.
     - CVE-2010-4704
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted WebM file
     - debian/patches/CVE-2011-0480.patch: check rangebits in
       libavcodec/vorbis_dec.c.
     - CVE-2011-0480
   * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
     (LP: #690169)
     - debian/patches/CVE-2011-0722.patch: set dimensions in
       libavcodec/rv34.c.
     - CVE-2011-0722
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted VC1 file (LP: #690169)
     - debian/patches/CVE-2011-0723.patch: fix invalid reads in
       libavcodec/vc1dec.c.
     - CVE-2011-0723
Checksums-Sha1: 
 991015734d2355296ea1e379d355fac480e35956 2898 ffmpeg_0.5.1-1ubuntu1.1.dsc
 76c8f9865760cb6b6060382abc430caf0a2878ec 64887 ffmpeg_0.5.1-1ubuntu1.1.diff.gz
Checksums-Sha256: 
 a84fcb8315e51400b6f77172f785c8fc9e714d73ddd4ec46801b5deea2da9fd9 2898 ffmpeg_0.5.1-1ubuntu1.1.dsc
 9c18bfc4802de6d2f255cf837312fd2866dcdeb0d66029b1b5cf6ed65cfab4ab 64887 ffmpeg_0.5.1-1ubuntu1.1.diff.gz
Files: 
 586f5b442d012f277d34b862200bd5b9 2898 libs optional ffmpeg_0.5.1-1ubuntu1.1.dsc
 2cdc0301f57878e39ac4cb78594fd4e1 64887 libs optional ffmpeg_0.5.1-1ubuntu1.1.diff.gz
Original-Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>

More information about the Lucid-changes mailing list