[ubuntu/oneiric-security] libav 4:0.7.6-0ubuntu0.11.10.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Dec 19 13:17:15 UTC 2012


libav (4:0.7.6-0ubuntu0.11.10.2) oneiric-security; urgency=low

  * SECURITY UPDATE: unspecified security issue in ff_rv34_decode_frame
    - debian/patches/CVE-2012-2772.patch: error out on size changes with
      frame threading in libavcodec/rv34.c.
    - CVE-2012-2772
  * SECURITY UPDATE: out of array write in quant_cof
    - debian/patches/CVE-2012-2775.patch: check opt_order in
      libavcodec/alsdec.c.
    - CVE-2012-2775
  * SECURITY UPDATE: security issues in decode_pic
    - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
      libavcodec/cavsdec.c.
    - CVE-2012-2777
    - CVE-2012-2784
  * SECURITY UPDATE: unspecified vulnerability in the decode_frame
    - debian/patches/CVE-2012-2779.patch: prevent decoding happening on a
      half initialized context in libavcodec/indeo5.c.
    - CVE-2012-2779
  * SECURITY UPDATE: out of array write in the decode_wdlt function
    - debian/patches/CVE-2012-2786.patch: check frame_end in
      libavcodec/dfa.c.
    - CVE-2012-2786
  * SECURITY UPDATE: out of array read in avi_read_packet function
    - debian/patches/CVE-2012-2788.patch: use accurate size in
      libavformat/avidec.c.
    - CVE-2012-2788
  * SECURITY UPDATE: unspecified vulnerability in avi_read_packet
    - debian/patches/CVE-2012-2789.patch: check num_vec_coeffs for validity
      in libavcodec/wmaprodec.c.
    - CVE-2012-2789
  * SECURITY UPDATE: unspecified vulnerability in read_var_block_data
    - debian/patches/CVE-2012-2790.patch: fix number of decoded samples in
      libavcodec/alsdec.c.
    - CVE-2012-2790
  * SECURITY UPDATE: unspecified vulnerability in lag_decode_zero_run_line
    - debian/patches/CVE-2012-2793.patch: check count before writing zeros
      in libavcodec/lagarith.c.
    - CVE-2012-2793
  * SECURITY UPDATE: unspecified vulnerability in decode_mb_info
    - debian/patches/CVE-2012-2794.patch: check tile size in
      libavcodec/indeo5.c.
    - CVE-2012-2794
  * SECURITY UPDATE: out of array write in decode_dds1
    - debian/patches/CVE-2012-2798.patch: fix length check in
      libavcodec/dfa.c.
    - CVE-2012-2798
  * SECURITY UPDATE: unspecified vulnerability in ff_ivi_process_empty_tile
    - debian/patches/CVE-2012-2800.patch: check tile sizes in
      libavcodec/ivi_common.*, libavcodec/indeo5.c.
    - CVE-2012-2800
  * SECURITY UPDATE: out of array writes in avs.c
    - debian/patches/CVE-2012-2801.patch: force dimensions in
      libavcodec/avs.c.
    - CVE-2012-2801

Date: 2012-12-18 17:50:22.480994+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/oneiric/+source/libav/4:0.7.6-0ubuntu0.11.10.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Oneiric-changes mailing list