[ubuntu/lucid-security] ffmpeg-extra 4:0.5.1-1ubuntu1.3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Jan 5 16:04:50 UTC 2012 

ffmpeg-extra (4:0.5.1-1ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed Matroska file
    - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
      in libavformat/matroskadec.c.
    - CVE-2011-3504
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing QDM2 stream
    - debian/patches/CVE-2011-4351.patch: check boundaries in
      libavcodec/qdm2.c.
    - CVE-2011-4351
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP5 or VP6 streams
    - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
      and libavcodec/vp6.c.
    - CVE-2011-4353
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed VMD file
    - debian/patches/CVE-2011-4364.patch: properly check lengths in
      libavcodec/vmdav.c.
    - CVE-2011-4364
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing svq1 stream
    - debian/patches/CVE-2011-4579.patch: set dimensions after they have
      changed in libavcodec/svq1dec.c.
    - CVE-2011-4579

Date: Wed, 21 Dec 2011 13:21:39 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/ffmpeg-extra/4:0.5.1-1ubuntu1.3
-------------- next part --------------
Format: 1.8
Date: Wed, 21 Dec 2011 13:21:39 -0500
Source: ffmpeg-extra
Binary: libavutil-extra-49 libavutil-unstripped-49 libavcodec-extra-52 libavcodec-unstripped-52 libavdevice-extra-52 libavdevice-unstripped-52 libavfilter-extra-0 libavfilter-unstripped-0 libpostproc-extra-51 libpostproc-unstripped-51 libavformat-extra-52 libavformat-unstripped-52 libswscale-extra-0 libswscale-unstripped-0
Architecture: source
Version: 4:0.5.1-1ubuntu1.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libavcodec-extra-52 - ffmpeg codec library
 libavcodec-unstripped-52 - ffmpeg utility library - transitional package
 libavdevice-extra-52 - ffmpeg device handling library
 libavdevice-unstripped-52 - ffmpeg utility library - transitional package
 libavfilter-extra-0 - ffmpeg video filtering library
 libavfilter-unstripped-0 - ffmpeg utility library - transitional package
 libavformat-extra-52 - ffmpeg file format library
 libavformat-unstripped-52 - ffmpeg utility library - transitional package
 libavutil-extra-49 - ffmpeg utility library
 libavutil-unstripped-49 - ffmpeg utility library - transitional package
 libpostproc-extra-51 - ffmpeg video postprocessing library
 libpostproc-unstripped-51 - ffmpeg utility library - transitional package
 libswscale-extra-0 - ffmpeg video scaling library
 libswscale-unstripped-0 - ffmpeg utility library - transitional package
Changes: 
 ffmpeg-extra (4:0.5.1-1ubuntu1.3) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed Matroska file
     - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
       in libavformat/matroskadec.c.
     - CVE-2011-3504
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing QDM2 stream
     - debian/patches/CVE-2011-4351.patch: check boundaries in
       libavcodec/qdm2.c.
     - CVE-2011-4351
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing VP5 or VP6 streams
     - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
       and libavcodec/vp6.c.
     - CVE-2011-4353
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed VMD file
     - debian/patches/CVE-2011-4364.patch: properly check lengths in
       libavcodec/vmdav.c.
     - CVE-2011-4364
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing svq1 stream
     - debian/patches/CVE-2011-4579.patch: set dimensions after they have
       changed in libavcodec/svq1dec.c.
     - CVE-2011-4579
Checksums-Sha1: 
 c823d33858a741fd8313fa0ed4d454473630d4af 3262 ffmpeg-extra_0.5.1-1ubuntu1.3.dsc
 db4ffdae9207626737c7a2e4e3b336494d34594c 71493 ffmpeg-extra_0.5.1-1ubuntu1.3.diff.gz
Checksums-Sha256: 
 ee412ec3c0ff246b74ce30eea20c2786de797a565cc62b4895e63e2d81b7a188 3262 ffmpeg-extra_0.5.1-1ubuntu1.3.dsc
 c7fbcebbee931735f247b55ddf6fd146ab57c52d3820cb88419030a1fa99b063 71493 ffmpeg-extra_0.5.1-1ubuntu1.3.diff.gz
Files: 
 aa39573f5a1719eaba404bdaa24fe167 3262 libs optional ffmpeg-extra_0.5.1-1ubuntu1.3.dsc
 1fa1f4fffd3a74e886fe07592d4d6113 71493 libs optional ffmpeg-extra_0.5.1-1ubuntu1.3.diff.gz
Original-Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>

More information about the Lucid-changes mailing list