[ubuntu/lucid-security] ffmpeg-extra, ffmpeg-extra (delayed) 4:0.5.1-1ubuntu1.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Apr 6 17:12:29 UTC 2011 

ffmpeg-extra (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted flic file
    - debian/patches/CVE-2010-3429.patch: add checks to
      libavcodec/flicvideo.c.
    - CVE-2010-3429
  * SECURITY UPDATE: arbitrary code execution via crafted wmv file
    (LP: #690169)
    - debian/patches/CVE-2010-3908.patch: properly calculate size in
      libavcodec/utils.c.
    - CVE-2010-3908
  * SECURITY UPDATE: denial of service via crafted .ogg file
    - debian/patches/CVE-2010-4704.patch: validate codebook in
      libavcodec/vorbis_dec.c.
    - CVE-2010-4704
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted WebM file
    - debian/patches/CVE-2011-0480.patch: check rangebits in
      libavcodec/vorbis_dec.c.
    - CVE-2011-0480
  * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
    (LP: #690169)
    - debian/patches/CVE-2011-0722.patch: set dimensions in
      libavcodec/rv34.c.
    - CVE-2011-0722
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted VC1 file (LP: #690169)
    - debian/patches/CVE-2011-0723.patch: fix invalid reads in
      libavcodec/vc1dec.c.
    - CVE-2011-0723

Date: Wed, 06 Apr 2011 08:38:14 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/ffmpeg-extra/4:0.5.1-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Wed, 06 Apr 2011 08:38:14 -0400
Source: ffmpeg-extra
Binary: libavutil-extra-49 libavutil-unstripped-49 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-0 libavfilter-unstripped-0 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0
Architecture: source
Version: 4:0.5.1-1ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libavcodec-extra-52 - ffmpeg codec library
 libavcodec-unstripped-52 - ffmpeg utility library - transitional package
 libavdevice-extra-52 - ffmpeg device handling library
 libavdevice-unstripped-52 - ffmpeg utility library - transitional package
 libavfilter-extra-0 - ffmpeg video filtering library
 libavfilter-unstripped-0 - ffmpeg utility library - transitional package
 libavformat-extra-52 - ffmpeg file format library
 libavformat-unstripped-52 - ffmpeg utility library - transitional package
 libavutil-extra-49 - ffmpeg utility library
 libavutil-unstripped-49 - ffmpeg utility library - transitional package
 libpostproc-extra-51 - ffmpeg video postprocessing library
 libpostproc-unstripped-51 - ffmpeg utility library - transitional package
 libswscale-extra-0 - ffmpeg video scaling library
 libswscale-unstripped-0 - ffmpeg utility library - transitional package
Launchpad-Bugs-Fixed: 690169 690169 690169
Changes: 
 ffmpeg-extra (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted flic file
     - debian/patches/CVE-2010-3429.patch: add checks to
       libavcodec/flicvideo.c.
     - CVE-2010-3429
   * SECURITY UPDATE: arbitrary code execution via crafted wmv file
     (LP: #690169)
     - debian/patches/CVE-2010-3908.patch: properly calculate size in
       libavcodec/utils.c.
     - CVE-2010-3908
   * SECURITY UPDATE: denial of service via crafted .ogg file
     - debian/patches/CVE-2010-4704.patch: validate codebook in
       libavcodec/vorbis_dec.c.
     - CVE-2010-4704
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted WebM file
     - debian/patches/CVE-2011-0480.patch: check rangebits in
       libavcodec/vorbis_dec.c.
     - CVE-2011-0480
   * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
     (LP: #690169)
     - debian/patches/CVE-2011-0722.patch: set dimensions in
       libavcodec/rv34.c.
     - CVE-2011-0722
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted VC1 file (LP: #690169)
     - debian/patches/CVE-2011-0723.patch: fix invalid reads in
       libavcodec/vc1dec.c.
     - CVE-2011-0723
Checksums-Sha1: 
 1012038afa6ece0662a926e310715463ba9c32a7 3262 ffmpeg-extra_0.5.1-1ubuntu1.1.dsc
 263155b413913b12e0b42d7259b73d6d4298af7e 65410 ffmpeg-extra_0.5.1-1ubuntu1.1.diff.gz
Checksums-Sha256: 
 5193c782569762941cee9d03cf2a9fe4271a9cfced6dc7609e4440ed42cbdad9 3262 ffmpeg-extra_0.5.1-1ubuntu1.1.dsc
 942c7d31a4e0fcd69a81141b399e349a013a5d16d4707c885222e0ef0736acc0 65410 ffmpeg-extra_0.5.1-1ubuntu1.1.diff.gz
Files: 
 224b26d57c2b980ec0b0d379d7b64d70 3262 libs optional ffmpeg-extra_0.5.1-1ubuntu1.1.dsc
 797721386d65ff2bce680b34a5b7ec30 65410 libs optional ffmpeg-extra_0.5.1-1ubuntu1.1.diff.gz
Original-Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>

More information about the Lucid-changes mailing list