This bug was fixed in the package libav - 4:0.7.6-0ubuntu0.11.10.3
---------------
libav (4:0.7.6-0ubuntu0.11.10.3) oneiric-security; urgency=low
* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
- debian/patches/CVE-2012-2783.patch: release frames on error in
libavcodec/vp56.c.
- CVE-2012-2783
* SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
- debian/patches/CVE-2012-2791.patch: check that scan pattern is set
before using it in libavcodec/ivi_common.c.
- CVE-2012-2791
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
- debian/patches/CVE-2012-2803.patch: do not decode extradata more than
once in libavcodec/mpeg12.c.
- CVE-2012-2803
* SECURITY UPDATE: issue in AAC decoding
- debian/patches/CVE-2012-5144.patch: fix off-by-one in
libavcodec/aacdec.c.
- CVE-2012-5144
-- Marc Deslauriers <[email protected]> Thu, 24 Jan 2013 13:31:43
-0500
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libav in Ubuntu.
https://bugs.launchpad.net/bugs/1104019
Title:
January 2013 libav security tracking bug
Status in “libav” package in Ubuntu:
Fix Released
Status in “libav” source package in Oneiric:
Fix Released
Status in “libav” source package in Precise:
Fix Released
Status in “libav” source package in Quantal:
Fix Released
Status in “libav” source package in Raring:
Fix Released
Bug description:
This is a bug to track the January 2013 libav security updates:
- 0.8.5 so far:
Indeo 4 (CVE-2012-2791)
VP5/VP6 (CVE-2012-2783)
Indeo 3 (CVE-2012-2804)
MPEG-1/2 (CVE-2012-2803)
MP3 (CVE-2012-2797)
AAC (CVE-2012-5144)
AC-3 (CVE-2012-2802)
AVS (CVE-2012-2801)
DFA (CVE-2012-2798)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1104019/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
