lp://staging/ubuntu/precise-updates/libav
- Get this branch:
- bzr branch lp://staging/ubuntu/precise-updates/libav
Branch merges
Branch information
Recent revisions
- 32. By Marc Deslauriers
-
* SECURITY UPDATE: invalid memory access via crafted MJPEG data
- debian/patches/ CVE-2014- 8541.patch: check for pixel format changes in
libavcodec/mjpegdec. c.
- CVE-2014-8541
* SECURITY UPDATE: out of array access in ff_mjpeg_decode_sof
- debian/patches/ CVE-2015- 1872.patch: check number of components in
libavcodec/mjpegdec. c.
- CVE-2015-1872
* SECURITY UPDATE: out of bounds array access in msrle_decode_pal4
- debian/patches/ CVE-2015- 3395.patch: determine frame size in
libavcodec/msrledec. c.
- CVE-2015-3395
* SECURITY UPDATE: size issue in ff_h263_decode_ picture_ header
- debian/patches/ CVE-2015- 5479.patch: check both dimensions in
libavcodec/ituh263dec. c.
- CVE-2015-5479
* SECURITY UPDATE: out of bounds array access in decode_ihdr_chunk
- debian/patches/ CVE-2015- 6818.patch: only allow one IHDR chunk in
libavcodec/pngdec. c.
- CVE-2015-6818
* SECURITY UPDATE: out of bounds array access in ff_sbr_apply
- debian/patches/ CVE-2015- 6820.patch: check that the element type
matches in libavcodec/aacsbr. c, libavcodec/sbr.h.
- CVE-2015-6820
* SECURITY UPDATE: uninitialized memory access in sws_init_context
- debian/patches/ CVE-2015- 6824.patch: clear buffers in
libswscale/utils.c
- CVE-2015-6824
* SECURITY UPDATE: invalid pointer use in ff_rv34_decode_ init_thread_ copy
- debian/patches/ CVE-2015- 6826.patch: clear pointers in
libavcodec/rv34.c.
- CVE-2015-6826
* SECURITY UPDATE: integer overflow in ff_ivi_init_planes
- debian/patches/ CVE-2015- 8364.patch: check image dimensions in
libavcodec/ivi_common. c.
- CVE-2015-8364
* SECURITY UPDATE: out of bounds array access in smka_decode_frame
- debian/patches/ CVE-2015- 8365.patch: validate data size in
libavcodec/smacker. c.
- CVE-2015-8365
* SECURITY UPDATE: cross-origin attack and arbitrary file read via the
concat protocol
- debian/confflags: disable concat protocol.
- CVE-2016-1897
- CVE-2016-1898
* SECURITY UPDATE: integer overflow in asf_write_packet
- debian/patches/ CVE-2016- 2326.patch: check pts in
libavformat/asfenc. c.
- CVE-2016-2326
* SECURITY UPDATE: out of bounds array access via tga file
- debian/patches/ CVE-2016- 2330.patch: fix lzw buffer size in
libavcodec/gif.c.
- CVE-2016-2330 - 31. By Marc Deslauriers
-
* Update to 0.8.17 to fix multiple security issues (LP: #1432610)
- CVE-2014-8542
- CVE-2014-8543
- CVE-2014-8544
- CVE-2014-8547
- CVE-2014-8548
- CVE-2014-9604 - 30. By Marc Deslauriers
-
* Update to 0.8.16 to fix multiple security issues (LP: #1370175)
* debian/patches/ fix_ftbfs_ ff_get_ buffer. patch: dropped, no longer
needed.
* debian/patches/ 04-ffmpeg- warning- change. patch: dropped, no longer
needed. - 29. By Marc Deslauriers
-
* Update to 0.8.15 to fix multiple security issues (LP: #1354755)
* debian/patches/ fix_ftbfs_ ff_get_ buffer. patch: Add more missing
#includes for ff_get_buffer() to fix ftbfs. - 27. By Marc Deslauriers
-
* SECURITY UPDATE: Update to 0.8.12 to fix multiple security issues
- CVE-2014-3984 - 23. By Marc Deslauriers
-
* Update to 0.8.6 to fix multiple security issues. (LP: #1163354)
- CVE-2013-0894
- CVE-2013-2277
- CVE-2013-2495
- CVE-2013-2496
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/quantal/libav