I have uploaded a proposed package to ppa:siretart/ppa (trusty). Ubuntu-security-sponsors, please copy it to trusty-security
** Changed in: libav (Ubuntu) Importance: Undecided => High ** Changed in: libav (Ubuntu) Status: New => In Progress ** Changed in: libav (Ubuntu) Assignee: (unassigned) => Reinhard Tartler (siretart) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: In Progress Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp