[Bug 1436296] Re: FFmpeg security fixes March 2015
Ack on the debdiff, looks good. I've uploaded it to build and will release it later today. Thanks! ** Changed in: ffmpeg (Ubuntu) Status: Confirmed = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1436296 Title: FFmpeg security fixes March 2015 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1436296] Re: FFmpeg security fixes March 2015
This bug was fixed in the package ffmpeg - 7:2.5.6-0ubuntu0.15.04.1 --- ffmpeg (7:2.5.6-0ubuntu0.15.04.1) vivid-security; urgency=medium * Import new upstream bugfix release 2.5.6. (LP: #1436296) -- Andreas Cadhalpun andreas.cadhal...@googlemail.com Sun, 19 Apr 2015 19:39:22 +0200 ** Changed in: ffmpeg (Ubuntu) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1436296 Title: FFmpeg security fixes March 2015 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1436296] Re: FFmpeg security fixes March 2015
As vivid is released now, this update needs to go through vivid-security. Attached is an updated debdiff. (git repo is at [1]) Testing performed (in a vivid chroot): * build including test suite works * installation works * upgrade works * running the autopkgtests from 2.6.2-1 (in Debian) gives 2 less failures and 7 less crashes than 2.5.4-1 (Only two failures remain.) 1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid ** Patch added: 2.5.6-0ubuntu0.15.04.1.diff https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+attachment/4384782/+files/2.5.6-0ubuntu0.15.04.1.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1436296 Title: FFmpeg security fixes March 2015 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1436296] Re: FFmpeg security fixes March 2015
In the meanwhile FFmpeg 2.5.6 with some more fixes has been released. version 2.5.6 - avcodec/atrac3plusdsp: fix on stack alignment - ac3: validate end in ff_ac3_bit_alloc_calc_mask - aacpsy: avoid psy_band-threshold becoming NaN - aasc: return correct buffer size from aasc_decode_frame - msrledec: use signed pixel_ptr in msrle_decode_pal4 - swresample: Allow reinitialization without ever setting channel layouts (cherry picked from commit 80a28c7509a4e1aea5b208d56c6646d69c07) - swresample: Allow reinitialization without ever setting channel counts - avcodec/h264: Do not fail with randomly truncated VUIs - avcodec/h264_ps: Move truncation check from VUI to SPS - avcodec/h264: Be more tolerant to changing pps id between slices - avcodec/aacdec: Fix storing state before PCE decode - avcodec/h264: reset the counts in the correct context - avcodec/h264_slice: Do not reset mb_aff_frame per slice - avcodec/h264: finish previous slices before switching to single thread mode - avcodec/h264: Fix race between slices where one overwrites data from the next - avcodec/h264_refs: Do not set reference to things which do not exist - avcodec/h264: Fail for invalid mixed IDR / non IDR frames in slice threading mode - h264: avoid unnecessary calls to get_format - avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer I updated the vivid branch on Alioth [1]. It builds fine in a vivid chroot, including build time tests. Attached is a debdiff from 2.5.4-1. 1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid ** Patch added: 2.5.6.diff https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+attachment/4379593/+files/2.5.6.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1436296 Title: FFmpeg security fixes March 2015 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1436296] Re: FFmpeg security fixes March 2015
Why did you build 2.6.1 instead of 2.5.5 as the bug requests? I don't think that would require an exception. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1436296 Title: FFmpeg security fixes March 2015 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1436296] Re: FFmpeg security fixes March 2015
** Changed in: ffmpeg (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1436296 Title: FFmpeg security fixes March 2015 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs