[Desktop-packages] [Bug 1160734] Re: Merge Libav 0.8.6-1 from unstable
** Branch linked: lp:ubuntu/raring-proposed/libav -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1160734 Title: Merge Libav 0.8.6-1 from unstable Status in “libav” package in Ubuntu: In Progress Bug description: The package 0.8.6 from unstable fixes 4 CVEs: h264: check for luma and chroma bit depth being equal (CVE-2013-2277) iff: validate CMAP palette size (CVE-2013-2495) msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496) vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1160734/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1160734] Re: Merge Libav 0.8.6-1 from unstable
This bug was fixed in the package libav - 6:0.8.6-1ubuntu1 --- libav (6:0.8.6-1ubuntu1) raring; urgency=low * Merge from debian/unstable, LP: #1160734, remaining changes: - don't build against libdirac, lame, libopenjpeg, librtmp, frei0r, vo-aacenc, vo-amrenc, x264, and xvid (all in universe) - do not build libav-extra-dbg, it is build from the libav-extra source package in ubuntu. - drop libav-regular-dbg, not necessary in ubuntu - Adjust LIB_PKGS/LIB_PKGS2 lists in debian/rules - several ifdefs in debian/rules that allow the use of the same file in libav and libav-extra (most of this can be merged into the debian package) * Tested that co-instability of libavcodec-dev with libavcodec-extra-53 works. LP: #1143929, #1101829 * Remove all debug packages. In ubuntu, we provide debug symbols via the .ddeb infrastructure. libav (6:0.8.6-1) unstable; urgency=low * Imported Upstream version 0.8.6, new releases fixes: - h264: check for luma and chroma bit depth being equal (CVE-2013-2277) - iff: validate CMAP palette size (CVE-2013-2495) - msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496) - vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894) - Thus, closes: #703200 libav (6:0.8.5-1) unstable; urgency=low * New upstream security/bugfix release. New releases fixes (bug numbers reference http://bugzilla.libav.org, Closes: #694483) - Indeo 4 (CVE-2012-2791) - VP5/VP6 (CVE-2012-2783) - Indeo 3 (CVE-2012-2804) - MPEG-1/2 (CVE-2012-2803) - MP3 (CVE-2012-2797) - AAC (CVE-2012-5144) - AC-3 (CVE-2012-2802) - AVS (CVE-2012-2801) - DFA (CVE-2012-2798) - ID3v2 (Bug 395) - Serious Memory leaks on broken Ogg files * drop recordshow script. This clearly undermaintained script has unclear copyright status and is unlikely to work properly anyway. -- Reinhard Tartler siret...@tauware.de Wed, 27 Mar 2013 07:57:15 +0100 ** Changed in: libav (Ubuntu) Status: In Progress = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2783 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2791 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2797 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2798 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2801 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2802 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2803 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2804 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-5144 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1160734 Title: Merge Libav 0.8.6-1 from unstable Status in “libav” package in Ubuntu: Fix Released Bug description: The package 0.8.6 from unstable fixes 4 CVEs: h264: check for luma and chroma bit depth being equal (CVE-2013-2277) iff: validate CMAP palette size (CVE-2013-2495) msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496) vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1160734/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1160734] Re: Merge Libav 0.8.6-1 from unstable
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2277 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2495 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2496 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0894 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1160734 Title: Merge Libav 0.8.6-1 from unstable Status in “libav” package in Ubuntu: In Progress Bug description: The package 0.8.6 from unstable fixes 4 CVEs: h264: check for luma and chroma bit depth being equal (CVE-2013-2277) iff: validate CMAP palette size (CVE-2013-2495) msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496) vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1160734/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1160734] Re: Merge Libav 0.8.6-1 from unstable
** Branch linked: lp:~siretart/libav/merge.raring.libav-0.8.6 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1160734 Title: Merge Libav 0.8.6-1 from unstable Status in “libav” package in Ubuntu: In Progress Bug description: The package 0.8.6 from unstable fixes 4 CVEs: h264: check for luma and chroma bit depth being equal (CVE-2013-2277) iff: validate CMAP palette size (CVE-2013-2495) msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496) vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1160734/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1160734] Re: Merge Libav 0.8.6-1 from unstable
I've pushed my work in progress branch. The package at least builds locally, but I have yet to test it. Moreover, debian/changelog needs improvement. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1160734 Title: Merge Libav 0.8.6-1 from unstable Status in “libav” package in Ubuntu: In Progress Bug description: The package 0.8.6 from unstable fixes 4 CVEs: h264: check for luma and chroma bit depth being equal (CVE-2013-2277) iff: validate CMAP palette size (CVE-2013-2495) msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496) vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1160734/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp