← Back to team overview

ubuntustudio-bugs team mailing list archive

[Bug 1341216] Re: Libav security fixes Jul 2014

 

This bug was fixed in the package libav - 6:0.8.13-0ubuntu0.13.10.1

---------------
libav (6:0.8.13-0ubuntu0.13.10.1) saucy-security; urgency=medium

  * Update to 0.8.13 to fix multiple security issues (LP: #1341216)
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Tue, 15 Jul 2014 07:31:39 -0400

** Changed in: libav (Ubuntu Saucy)
       Status: In Progress => Fix Released

** Changed in: libav (Ubuntu Precise)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to libav in Ubuntu.
Matching subscriptions: Ubuntu Studio Bugs
https://bugs.launchpad.net/bugs/1341216

Title:
  Libav security fixes Jul 2014

Status in “libav” package in Ubuntu:
  Fix Committed
Status in “libav” source package in Precise:
  Fix Released
Status in “libav” source package in Saucy:
  Fix Released
Status in “libav” source package in Trusty:
  Fix Released
Status in “libav” source package in Utopic:
  Fix Committed

Bug description:
  trusty should get Libav 9.14:

  version 9.14:                                                                                                                                
  - adpcm: Write the proper predictor in trellis mode in IMA QT                                                                                
  - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder                                                                           
  - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705)                                                                 
  - Check if an mp3 header is using a reserved sample rate                                                                                     
  - lzo: Handle integer overflow (bug/704)                                                                                                     
  - avconv: make -shortest work with streamcopy                                                                                                

  The lzo issue is claimed to be exploitable (remote code execution) on
  i386.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions


References