touch-packages team mailing list archive

Thread
Date

[Bug 1341216] [NEW] Libav security fixes Jul 2014

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Reinhard Tartler <siretart@xxxxxxxxxx>
Date: Sat, 12 Jul 2014 22:35:49 -0000
Reply-to: Bug 1341216 <1341216@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

trusty should get Libav 9.14:

version 9.14:                                                                                                                                
- adpcm: Write the proper predictor in trellis mode in IMA QT                                                                                
- adpcm: Avoid reading out of bounds in the IMA QT trellis encoder                                                                           
- Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705)                                                                 
- Check if an mp3 header is using a reserved sample rate                                                                                     
- lzo: Handle integer overflow (bug/704)                                                                                                     
- avconv: make -shortest work with streamcopy                                                                                                

The lzo issue is claimed to be exploitable (remote code execution) on
i386.

** Affects: libav (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libav in Ubuntu.
https://bugs.launchpad.net/bugs/1341216

Title:
  Libav security fixes Jul 2014

Status in “libav” package in Ubuntu:
  New

Bug description:
  trusty should get Libav 9.14:

  version 9.14:                                                                                                                                
  - adpcm: Write the proper predictor in trellis mode in IMA QT                                                                                
  - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder                                                                           
  - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705)                                                                 
  - Check if an mp3 header is using a reserved sample rate                                                                                     
  - lzo: Handle integer overflow (bug/704)                                                                                                     
  - avconv: make -shortest work with streamcopy                                                                                                

  The lzo issue is claimed to be exploitable (remote code execution) on
  i386.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions

Follow ups

[Bug 1341216] Re: Libav security fixes Jul 2014
From: Reinhard Tartler, 2014-08-09
[Bug 1341216] Re: Libav security fixes Jul 2014
From: Launchpad Bug Tracker, 2014-07-15
[Bug 1341216] Re: Libav security fixes Jul 2014
From: Launchpad Bug Tracker, 2014-07-15
[Bug 1341216] Re: Libav security fixes Jul 2014
From: Launchpad Bug Tracker, 2014-07-15
[Bug 1341216] Re: Libav security fixes Jul 2014
From: Launchpad Bug Tracker, 2014-07-15
[Bug 1341216] Re: Libav security fixes Jul 2014
From: Marc Deslauriers, 2014-07-15
[Bug 1341216] Re: Libav security fixes Jul 2014
From: Reinhard Tartler, 2014-07-15
[Bug 1341216] Re: Libav security fixes Jul 2014
From: Marc Deslauriers, 2014-07-15
[Bug 1341216] Re: Libav security fixes Jul 2014
From: Reinhard Tartler, 2014-07-13
[Bug 1341216] [NEW] Libav security fixes Jul 2014
From: Reinhard Tartler, 2014-07-12

References

[Bug 1341216] [NEW] Libav security fixes Jul 2014
From: Reinhard Tartler, 2014-07-12