[ubuntu/maverick-security] ffmpeg 4:0.6-2ubuntu6.3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Jan 5 15:03:42 UTC 2012 

ffmpeg (4:0.6-2ubuntu6.3) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed Matroska file
    - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
      in libavformat/matroskadec.c.
    - CVE-2011-3504
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing QDM2 stream
    - debian/patches/CVE-2011-4351.patch: check boundaries in
      libavcodec/qdm2.c.
    - CVE-2011-4351
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP3 stream
    - debian/patches/CVE-2011-4352.patch: check coefficient index in
      libavcodec/vp3.c.
    - CVE-2011-4352
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP5 or VP6 streams
    - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
      and libavcodec/vp6.c.
    - CVE-2011-4353
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed VMD file
    - debian/patches/CVE-2011-4364.patch: properly check lengths in
      libavcodec/vmdav.c.
    - CVE-2011-4364
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing svq1 stream
    - debian/patches/CVE-2011-4579.patch: set dimensions after they have
      changed in libavcodec/svq1dec.c.
    - CVE-2011-4579

Date: Wed, 21 Dec 2011 10:46:50 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/ffmpeg/4:0.6-2ubuntu6.3
-------------- next part --------------
Format: 1.8
Date: Wed, 21 Dec 2011 10:46:50 -0500
Source: ffmpeg
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil50 libavcodec52 libavdevice52 libavformat52 libavfilter1 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source
Version: 4:0.6-2ubuntu6.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 ffmpeg     - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec52 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavfilter-dev - development files for libavfilter
 libavfilter1 - ffmpeg video filtering library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil50 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Changes: 
 ffmpeg (4:0.6-2ubuntu6.3) maverick-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed Matroska file
     - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
       in libavformat/matroskadec.c.
     - CVE-2011-3504
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing QDM2 stream
     - debian/patches/CVE-2011-4351.patch: check boundaries in
       libavcodec/qdm2.c.
     - CVE-2011-4351
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing VP3 stream
     - debian/patches/CVE-2011-4352.patch: check coefficient index in
       libavcodec/vp3.c.
     - CVE-2011-4352
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing VP5 or VP6 streams
     - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
       and libavcodec/vp6.c.
     - CVE-2011-4353
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed VMD file
     - debian/patches/CVE-2011-4364.patch: properly check lengths in
       libavcodec/vmdav.c.
     - CVE-2011-4364
   * SECURITY UPDATE: denial of service and possible code execution via
     malformed file containing svq1 stream
     - debian/patches/CVE-2011-4579.patch: set dimensions after they have
       changed in libavcodec/svq1dec.c.
     - CVE-2011-4579
Checksums-Sha1: 
 57f1dc9927e1fb58a97516f4469c8e252027d922 2925 ffmpeg_0.6-2ubuntu6.3.dsc
 ceb06c72c84aeea63a1db7b4440889caaec01bd7 105186 ffmpeg_0.6-2ubuntu6.3.diff.gz
Checksums-Sha256: 
 7e4e391d914729f179f4c38b0d2d0010411a6c586e84be5ac83c19c4b08fb2a3 2925 ffmpeg_0.6-2ubuntu6.3.dsc
 22496c7801ca9589bdd76fd9f10ed1a0c58729ccafd714046a130ba06957dd82 105186 ffmpeg_0.6-2ubuntu6.3.diff.gz
Files: 
 a7cf236719e4d6a98864d6c3e252fb74 2925 libs optional ffmpeg_0.6-2ubuntu6.3.dsc
 81d9ca2f9c0bd3b23adefb9ee9a1d039 105186 libs optional ffmpeg_0.6-2ubuntu6.3.diff.gz
Original-Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>

More information about the Maverick-changes mailing list