ubuntustudio-bugs team mailing list archive

Thread
Date

[Bug 1354755] Re: Libav security fixes Aug 2014

To: ubuntustudio-bugs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1354755@xxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Aug 2014 11:40:56 -0000
Reply-to: Bug 1354755 <1354755@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package libav - 4:0.8.15-0ubuntu0.12.04.1

---------------
libav (4:0.8.15-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Update to 0.8.15 to fix multiple security issues (LP: #1354755)
  * debian/patches/fix_ftbfs_ff_get_buffer.patch: Add more missing
    #includes for ff_get_buffer() to fix ftbfs.
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Sun, 10 Aug 2014 09:59:10 -0400

** Changed in: libav (Ubuntu Precise)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to libav in Ubuntu.
Matching subscriptions: Ubuntu Studio Bugs
https://bugs.launchpad.net/bugs/1354755

Title:
  Libav security fixes Aug 2014

Status in “libav” package in Ubuntu:
  New
Status in “libav” source package in Precise:
  Fix Released
Status in “libav” source package in Trusty:
  In Progress

Bug description:
  Trusty should get version 9.16:

  version 9.16:
  - vp3: Copy all 3 frames for thread updates (CVE-2011-3934)
  - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263)
  - mpegts: Define the section length with a constant
  - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860)
  - svq1: do not modify the input packet
  - cdgraphics: do not return 0 from the decode function
  - cdgraphics: switch to bytestream2 (CVE-2013-3674)
  - huffyuvdec: check width size for yuv422p (CVE-2013-0848)
  - mmvideo: check horizontal coordinate too (CVE-2013-3672)
  - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098)
  - lavc: Check the image size before calling get_buffer (CVE-2011-3935)
  - huffyuv: Check and propagate function return values (CVE-2013-0868)
  - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946)
  - h264_sei: check SEI size
  - pgssubdec: Check RLE size before copying (CVE-2013-0852)
  - fate: Add dependencies for dct/fft/mdct/rdft tests
  - video4linux2: Avoid a floating point exception
  - vf_select: Drop a debug av_log with an unchecked double to enum conversion
  - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions

References

[Bug 1354755] [NEW] Libav security fixes Aug 2014
From: Reinhard Tartler, 2014-08-09