[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-02-25 Thread Launchpad Bug Tracker
This bug was fixed in the package ffmpeg - 7:2.8.6-1ubuntu1 --- ffmpeg (7:2.8.6-1ubuntu1) xenial; urgency=low * Merge from Debian unstable. Remaining changes: - Compile with -O2 rather than -O3 on s390x, to work around https://bugs.launchpad.net/bugs/1526324. * Should

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-20 Thread Launchpad Bug Tracker
This bug was fixed in the package ffmpeg - 7:2.5.10-0ubuntu0.15.04.1 --- ffmpeg (7:2.5.10-0ubuntu0.15.04.1) vivid-security; urgency=medium * Import new upstream bugfix release 2.5.10. - Fixes CVE-2016-1897 and CVE-2016-1898. (LP: #1533367) -- Andreas Cadhalpun

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-20 Thread Marc Deslauriers
ACK on the debdiff in comment #7. Package is building now and will be released as a security update today. Thanks! ** Changed in: ffmpeg (Ubuntu Vivid) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-19 Thread Launchpad Bug Tracker
This bug was fixed in the package ffmpeg - 7:2.7.5-0ubuntu0.15.10.1 --- ffmpeg (7:2.7.5-0ubuntu0.15.10.1) wily-security; urgency=medium * Import new upstream bugfix release 2.7.5. - Fixes CVE-2016-1897 and CVE-2016-1898. (LP: #1533367) -- Andreas Cadhalpun

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-19 Thread Andreas Cadhalpun
Filipp, if an issue is fixed in libavformat it doesn't affect programs using this dynamic library (like mplayer) anymore, once they have been restarted after libavformat has been upgraded. To fix this issue in xenial, 2.8.5-1 needs to be merged from Debian/unstable. Attached is a debdiff for

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-19 Thread Marc Deslauriers
** Also affects: ffmpeg (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: ffmpeg (Ubuntu Xenial) Importance: Medium Status: Confirmed ** Also affects: ffmpeg (Ubuntu Wily) Importance: Undecided Status: New

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-19 Thread Filipp Frizzy
Thank you, guys. Is it also fixed in other packages like Mplayer or KDE Baloo? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1533367 Title: ffmpeg allows Server-Side Request Forgery attack To manage

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-19 Thread Marc Deslauriers
** Changed in: ffmpeg (Ubuntu Vivid) Status: New => Confirmed ** Changed in: ffmpeg (Ubuntu Wily) Status: New => Confirmed ** Changed in: ffmpeg (Ubuntu Vivid) Importance: Undecided => Medium ** Changed in: ffmpeg (Ubuntu Wily) Importance: Undecided => Medium

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-19 Thread Marc Deslauriers
ACK on the debdiff in comment #3. Packages are building now and will be released as a security update today. Thanks!

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-17 Thread Mathew Hodson
** Changed in: ffmpeg (Ubuntu) Importance: Undecided => Medium

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-15 Thread Andreas Cadhalpun
CVE-2016-1897 (concat) and CVE-2016-1898 (subfile) were assigned to this bug, which (among other potentially security relevant issues) is fixed in FFmpeg 2.7.5 (the lines below starting with avformat/hls refer to this bug). Attached is a debdiff. (git repo is at [1]) Testing performed (in a wily

[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-14 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is