[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)
zesty has 3.2.2, which has fixes for the listed CVEs. ** Changed in: ffmpeg (Ubuntu) Status: Invalid => Fix Released ** No longer affects: ffmpeg (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 (xenial) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/xenial/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)
** Changed in: ffmpeg (Ubuntu Xenial) Importance: Undecided => Low ** Changed in: ffmpeg (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 (xenial) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)
Debdiff mentioning the CVEs in the changelog is attached. ** Patch added: "debdiff for 2.8.10" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+attachment/4790034/+files/ffmpeg_2.8.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 (xenial) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)
ok, could you add them to the changelog please? (note that I "invalidated" the "devel" task, the xenial task is good; this makes for better view in the sponsoring overview) ** Changed in: ffmpeg (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 (xenial) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)
For 2.8.9 there are now CVEs available [1]: CVE-2016-7502, CVE-2016-7785, CVE-2016-7905, CVE-2016-7562 1: https://ffmpeg.org/security.html ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-7502 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-7562 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-7785 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-7905 ** Changed in: ffmpeg (Ubuntu) Status: Invalid => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 (xenial) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)
CVEs aren't available yet, but this fixes important security issues like: https://trac.ffmpeg.org/ticket/5992 https://trac.ffmpeg.org/ticket/5994 ** Bug watch added: FFmpeg Trac bug tracker #5992 https://trac.ffmpeg.org/ticket/5992 ** Bug watch added: FFmpeg Trac bug tracker #5994 https://trac.ffmpeg.org/ticket/5994 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 (xenial) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016
** Also affects: ffmpeg (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: ffmpeg (Ubuntu) Status: New => Invalid ** Changed in: ffmpeg (Ubuntu Xenial) Status: New => Triaged ** Summary changed: - FFmpeg security fixes December 2016 + FFmpeg security fixes December 2016 (xenial) ** Tags added: upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 (xenial) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016
This one upload doesn't seem to fix any CVE, why should it go through security over regular SRU? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016
There has been another release fixing bugs in network code: version 2.8.10 - avformat/http: Match chunksize checks to master..3.0 - Changelog: fix typos - ffserver: Check chunk size - Avoid using the term "file" and prefer "url" in some docs and comments - avformat/rtmppkt: Check for packet size mismatches - zmqsend: Initialize ret to 0 - configure: check for strtoull on msvc - http: move chunk handling from http_read_stream() to http_buf_read(). - http: make length/offset-related variables unsigned. Attached is the new debdiff. (git repo is at [1]) Testing performed (in a xenial chroot): * build including test suite works * installation works * upgrade works * autopkgtests pass 1: https://anonscm.debian.org/cgit/pkg- multimedia/ffmpeg.git/log/?h=xenial ** Patch added: "debdiff for 2.8.10" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+attachment/4788802/+files/ffmpeg_2.8.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1647226] Re: FFmpeg security fixes December 2016
Attached is a debdiff. (git repo is at [1]) Testing performed (in a xenial chroot): * build including test suite works * installation works * upgrade works * autopkgtests pass 1: https://anonscm.debian.org/cgit/pkg- multimedia/ffmpeg.git/log/?h=xenial ** Patch added: "debdiff for 2.8.9" https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+attachment/4787437/+files/ffmpeg_2.8.9.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647226 Title: FFmpeg security fixes December 2016 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
