Hello community, here is the log from the commit of package libav for openSUSE:Factory checked in at 2015-10-12 10:02:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libav (Old) and /work/SRC/openSUSE:Factory/.libav.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libav" Changes: -------- --- /work/SRC/openSUSE:Factory/libav/libav.changes 2015-06-16 14:06:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libav.new/libav.changes 2015-10-12 10:03:30.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Oct 9 22:09:09 UTC 2015 - [email protected] + +- Add for for CVE-2015-5479 + * CVE-2015-5479.patch + +------------------------------------------------------------------- New: ---- CVE-2015-5479.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libav.spec ++++++ --- /var/tmp/diff_new_pack.nBXBxS/_old 2015-10-12 10:03:31.000000000 +0200 +++ /var/tmp/diff_new_pack.nBXBxS/_new 2015-10-12 10:03:31.000000000 +0200 @@ -31,6 +31,8 @@ Group: Development/Libraries/C and C++ Url: https://libav.org/ Source: http://%{name}.org/releases/%{name}-%{version}.tar.xz +# fix for CVE-2015-5479 upstream commit 0a49a62f998747cfa564d98d36a459fe70d3299b +Patch0: CVE-2015-5479.patch BuildRequires: libgsm-devel BuildRequires: pkg-config BuildRequires: yasm @@ -208,6 +210,7 @@ %prep %setup -q +%patch0 -p1 # Remove build time references so build-compare can do its work FAKE_BUILDTIME=$(LC_ALL=C date -u -r %{_sourcedir}/%{name}.changes '+%%H:%%M') ++++++ CVE-2015-5479.patch ++++++ From: Luca Barbato <[email protected]> Date: Fri, 26 Jun 2015 13:57:16 +0000 (+0200) Subject: h263: Always check both dimensions X-Git-Url: https://git.libav.org/?p=libav.git;a=commitdiff_plain;h=0a49a62f998747cfa564d98d36a459fe70d3299b h263: Always check both dimensions CC: [email protected] Found-By: [email protected] --- Index: libav-11.4/libavcodec/ituh263dec.c =================================================================== --- libav-11.4.orig/libavcodec/ituh263dec.c +++ libav-11.4/libavcodec/ituh263dec.c @@ -30,6 +30,7 @@ #include <limits.h> #include "libavutil/attributes.h" +#include "libavutil/imgutils.h" #include "libavutil/internal.h" #include "libavutil/mathematics.h" #include "avcodec.h" @@ -866,7 +867,7 @@ end: /* most is hardcoded. should extend to handle all h263 streams */ int ff_h263_decode_picture_header(MpegEncContext *s) { - int format, width, height, i; + int format, width, height, i, ret; uint32_t startcode; align_get_bits(&s->gb); @@ -917,8 +918,6 @@ int ff_h263_decode_picture_header(MpegEn /* H.263v1 */ width = ff_h263_format[format][0]; height = ff_h263_format[format][1]; - if (!width) - return -1; s->pict_type = AV_PICTURE_TYPE_I + get_bits1(&s->gb); @@ -1071,6 +1070,9 @@ int ff_h263_decode_picture_header(MpegEn s->qscale = get_bits(&s->gb, 5); } + if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0) + return ret; + s->mb_width = (s->width + 15) / 16; s->mb_height = (s->height + 15) / 16; s->mb_num = s->mb_width * s->mb_height;
