-
ffmpeg (3:0.cvs20070307-5ubuntu7.6) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted flic file
    - debian/patches/CVE-2010-3429.patch: add checks to
      libavcodec/flicvideo.c.
    - CVE-2010-3429
  * SECURITY UPDATE: arbitrary code execution via crafted wmv file
    (LP: #690169)
    - debian/patches/CVE-2010-3908.patch: properly calculate size in
      libavcodec/utils.c.
    - CVE-2010-3908
  * SECURITY UPDATE: denial of service via crafted .ogg file
    - debian/patches/CVE-2010-4704.patch: validate codebook in
      libavcodec/vorbis.c.
    - CVE-2010-4704
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted WebM file
    - debian/patches/CVE-2011-0480.patch: check rangebits in
      libavcodec/vorbis.c.
    - CVE-2011-0480
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted VC1 file (LP: #690169)
    - debian/patches/CVE-2011-0723.patch: fix invalid reads in
      libavcodec/vc1dec.c.
    - CVE-2011-0723

 -- Marc Deslauriers <email address hidden>  Thu, 31 Mar 2011 13:54:41 -0400
-
ffmpeg (3:0.cvs20070307-5ubuntu7.5) hardy-security; urgency=low

  * debian/patches/CVE-2009-46XX/security-issue22.patch: removed this
    patch as it was causing a regression. (LP: #567913)

 -- Marc Deslauriers <email address hidden>  Fri, 23 Apr 2010 08:14:58 -0400
-
ffmpeg (3:0.cvs20070307-5ubuntu7.4) hardy-security; urgency=low

  * SECURITY UPDATE: Fix a multitude of security issues
    - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
      existence before assignment
    - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
      indexes
    - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
      value
    - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
      per-packet mode indexes and per-header mode mapping indexes
    - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
      index and subclass book index.
    - debian/patches/CVE-2009-46XX/security-issue08.patch: check
      res_setup->books
    - debian/patches/CVE-2009-46XX/security-issue09.patch: check
      begin/end/partition_size
    - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
      of channels & samplerate
    - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
      check
    - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
      for magnitude and angle
    - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
    - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
      against 0 too
    - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
      all memory allocations succeed
    - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
      0 to avoid having it uninitialized
    - debian/patches/CVE-2009-46XX/security-issue22.patch: check codec_id
      and codec_type, make sure priv_data is freed and codec is set to NULL
    - CVE-2009-4633
    - CVE-2009-4634
    - CVE-2009-4635
    - CVE-2009-4637
    - CVE-2009-4639
    - CVE-2009-4640

 -- Marc Deslauriers <email address hidden>  Thu, 08 Apr 2010 09:37:22 -0400
-
ffmpeg (3:0.cvs20070307-5ubuntu7.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
    - debian/patches/100_security_CVE-2008-4610.diff: properly check return
      codes in libavcodec/vp3.c.
    - CVE-2008-4610
  * SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
    value
    - debian/patches/101_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
      a correct value in libavcodec/dca.c.
    - CVE-2008-4867
  * SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
    (LP: #323620)
    - debian/patches/102_security_CVE-2009-0385.diff: validate current_track
      value in libavformat/4xm.c.
    - CVE-2009-0385

 -- Marc Deslauriers <email address hidden>  Mon, 16 Mar 2009 16:32:40 -0400
-
ffmpeg (3:0.cvs20070307-5ubuntu7.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
    - debian/patches/100_security_CVE-2008-4610.diff: properly check return
      codes in libavcodec/vp3.c.
    - CVE-2008-4610
  * SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
    value
    - debian/patches/101_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
      a correct value in libavcodec/dca.c.
    - CVE-2008-4867
  * SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
    (LP: #323620)
    - debian/patches/102_security_CVE-2009-0385.diff: validate current_track
      value in libavformat/4xm.c.
    - CVE-2009-0385

 -- Marc Deslauriers <email address hidden>  Fri, 13 Mar 2009 13:04:19 -0400
-
ffmpeg (3:0.cvs20070307-5ubuntu7.1) hardy-security; urgency=low

  * SECURITY UPDATE: crash from crafted STR file.
  * Add debian/patches/400_str_file_crash.diff: backported upstream fixes.
  * References
    CVE-2008-3162

 -- Kees Cook <email address hidden>  Wed, 23 Jul 2008 13:28:45 -0700
-
ffmpeg (3:0.cvs20070307-5ubuntu7) hardy; urgency=low

  * added qt-faststart (LP: #200996)
    reorders the components of an H.264 MPEG4 video file to enable progressive
    download playback of certain H.264 videos in the Flash Player browser plugin.
  * debian/rules:
    - build: $(MAKE) qt-faststart
    - install: cp this to debian/tmp/usr/bin/
  * debian/ffmpeg.install:
    - added usr/bin/qt-faststart

 -- Stephan Hermann <email address hidden>  Tue, 11 Mar 2008 11:52:21 +0100
-
ffmpeg (3:0.cvs20070307-5ubuntu6) hardy; urgency=low

  * Implemented 061_fix_resample_warnings.diff
    Fixes LP: #122266
  * debian/control:
    - set MOTU as maintainer
    - set XSBC-Original-Maintainer: Debian multimedia packages maintainers

 -- Mario Danic <email address hidden>  Mon, 06 Aug 2007 16:19:27 +0200
-
ffmpeg (3:0.cvs20070307-5ubuntu5) hardy; urgency=low

  * Rebuilt against new libx264

 -- Anthony Mercatante <tonio@kubuntu>  Sun, 02 Dec 2007 21:20:07 +0100
-
ffmpeg (3:0.cvs20070307-5ubuntu4) gutsy; urgency=low

  * make ffmpeg-config not add -ldts and -la52 to LDFLAGS. fixes FTBFS in
    unrelated packages.

 -- Reinhard Tartler <email address hidden>  Sun, 03 Jun 2007 18:21:33 +0200