[Bug 1528682] Re: FFmpeg security fixes December 2015 II

2016-01-05 Thread Launchpad Bug Tracker
This bug was fixed in the package ffmpeg - 7:2.7.4-0ubuntu0.15.10.1

---
ffmpeg (7:2.7.4-0ubuntu0.15.10.1) wily-security; urgency=medium

  * Import new upstream bugfix release 2.7.4. (LP: #1528682)

 -- Andreas Cadhalpun  Tue, 22 Dec 2015 21:29:09 +0100

** Changed in: ffmpeg (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528682

Title:
  FFmpeg security fixes December 2015 II

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1528682/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1528682] Re: FFmpeg security fixes December 2015 II

2016-01-05 Thread Tyler Hicks
Thanks! Everything looks good and I'm building the updated ffmpeg in the
security PPA. Should be released later today.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Confirmed



[Bug 1528682] Re: FFmpeg security fixes December 2015 II

2016-01-04 Thread Daniel Holbach
Can somebody from the security team please take a look at this?

dget -x http://people.canonical.com/~dholbach/ffmpeg_2.7.4-0ubuntu0.15.10.1.dsc



[Bug 1528682] Re: FFmpeg security fixes December 2015 II

2015-12-27 Thread Andreas Cadhalpun
A few more CVEs were assigned to fixes in this update:
CVE-2015-8661, CVE-2015-8662 and CVE-2015-8663

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8661

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8662

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8663



[Bug 1528682] Re: FFmpeg security fixes December 2015 II

2015-12-22 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a wily chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=wily

** Patch added: "debdiff for 2.7.4"
   https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1528682/+attachment/4539179/+files/ffmpeg_2.7.4.diff

** Description changed:

- Fmpeg 2.7.4 fixing a number of crashes and other potentially security
+ FFmpeg 2.7.4 fixing a number of crashes and other potentially security
  relevant issues (including CVE-2015-6761) was released.
  
  From the upstream Changelog:
  
  version 2.7.4
  - nuv: sanitize negative fps rate
  - rawdec: only exempt BIT0 with need_copy from buffer sanity check
  - mlvdec: check that index_entries exist
  - nutdec: reject negative value_len in read_sm_data
  - xwddec: prevent overflow of lsize * avctx->height
  - nutdec: only copy the header if it exists
  - exr: fix out of bounds read in get_code
  - on2avc: limit number of bits to 30 in get_egolomb
  - avcodec/mpeg4videodec: also for empty partitioned slices
  - avcodec/h264_refs: Fix long_idx check
  - avcodec/h264_mc_template: prefetch list1 only if it is used in the MB
  - avcodec/h264_slice: Simplify ref2frm indexing
  - Revert "avcodec/aarch64/neon.S: Update neon.s for transpose_4x4H"
  - avfilter/vf_mpdecimate: Add missing emms_c()
  - sonic: make sure num_taps * channels is not larger than frame_size
  - opus_silk: fix typo causing overflow in silk_stabilize_lsf
  - ffm: reject invalid codec_id and codec_type
  - golomb: always check for invalid UE golomb codes in get_ue_golomb
  - aaccoder: prevent crash of anmr coder
  - ffmdec: reject zero-sized chunks
  - swscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the 
alignment is insufficient for SSE*
  - swscale/x86/rgb2rgb_template: Do not crash on misaligend stride
  - avformat/mxfenc: Do not crash if there is no packet in the first stream
  - avcodec/aarch64/neon.S: Update neon.s for transpose_4x4H
  - avformat/utils: estimate_timings_from_pts - increase retry counter, fixes 
invalid duration for ts files with hevc codec
  - avformat/matroskaenc: Check codecdelay before use
  - avutil/mathematics: Fix division by 0
  - mjpegdec: consider chroma subsampling in size check
  - avcodec/hevc: Check max ctb addresses for WPP
  - avcodec/vp3: ensure header is parsed successfully before tables
  - avcodec/jpeg2000dec: Check bpno in decode_cblk()
  - avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented 
in type int
  - swscale/utils: Fix for runtime error: left shift of negative value -1
  - avcodec/hevc: Fix integer overflow of entry_point_offset
  - avcodec/dirac_parser: Check that there is a previous PU before accessing it
  - avcodec/dirac_parser: Add basic validity checks for next_pu_offset and 
prev_pu_offset
  - avcodec/dirac_parser: Fix potential overflows in pointer checks
  - avcodec/wmaprodec: Check bits per sample to be within the range not causing 
integer overflows
  - avcodec/wmaprodec: Fix overflow of cutoff
  - avformat/smacker: fix integer overflow with pts_inc
  - avcodec/vp3: Fix "runtime error: left shift of negative value"
  - mpegencts: Fix overflow in cbr mode period calculations
  - avutil/timecode: Fix fps check
  - avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from 
av_rescale_rnd() for overflows
  - avcodec/apedec: Check length in long_filter_high_3800()
  - avcodec/vp3: always set pix_fmt in theora_decode_header()
  - avcodec/mpeg4videodec: Check available data before reading custom matrix
  - avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
  - avutil/integer: Fix av_mod_i() with negative dividend
  - avformat/dump: Fix integer overflow in av_dump_format()
  - avcodec/h264_refs: Check that long references match before use
  - avcodec/utils: Clear dimensions in ff_get_buffer() on failure
  - avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
  - avcodec/vp3: Clear context on reinitialization failure
  - avcodec/hevc: allocate entries unconditionally
  - avcodec/hevc_cabac: Fix multiple integer overflows
  - avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
  - avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
  - avcodec/hevc: Check entry_point_offsets
  - avcodec/cabac: Check initial cabac decoder state
  - avcodec/cabac_functions: Fix "left shift of negative value -31767"
  - avcodec/h264_slice: Limit max_contexts when slice_context_count is 
initialized
  - avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
  - avcodec/ffv1dec: Clear quant_table_count if its invalid
  - avcodec/ffv1dec: Print an error if the quant table count is invalid
  - doc/filters/drawtext: fix centering example
  - hqx: correct type and size check of info_offset
  - mxfdec: check edit_rate also for physical_track
  - mpegvideo: clear 

[Bug 1528682] Re: FFmpeg security fixes December 2015 II

2015-12-22 Thread Mathew Hodson
** Changed in: ffmpeg (Ubuntu)
   Importance: Undecided => Medium
