Please sync ffmpeg 7:3.3.4-2 (universe) from Debian unstable (main)

FFmpeg 3.3.4 is an upstream bugfix only release which also fixes 12 CVEs which currently affect FFmpeg in artful. The only Debian change is adding a patch to fix a FTBFS with OpenJPEG 2.2 and since OpenJPEG 2.2 was recently synced into artful, this should go in as well.

Debian changelog
============

ffmpeg (7:3.3.4-2) unstable; urgency=medium

  * debian/patches/0004-Add-support-for-LibOpenJPEG-v2.2-git.patch:
    - Add upstream patch to fix FTBFS with OpenJPEG 2.2. (Closes: #876805)

 -- James Cowgill <jcowg...@debian.org>  Tue, 26 Sep 2017 11:42:03 +0100

ffmpeg (7:3.3.4-1) unstable; urgency=medium

  * New upstream bugfix release.
    - Fixes CVE-2017-14054, CVE-2017-14055, CVE-2017-14056, CVE-2017-14057,
      CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170,
      CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225.
    - Fixes crashes on ARM due to misalignment. (Closes: #872503)
  * debian/patches:
    - Drop 0004-swscale-fix-gbrap16-alpha-channel-issues.patch, applied
      upstream.

 -- James Cowgill <jcowg...@debian.org>  Tue, 12 Sep 2017 23:44:51 +0100

Upstream changelog
===========

version 3.3.4:
- avcodec/hevc_ps: improve check for missing default display window bitstream
- avcodec/hevc_ps: Fix c?_qp_offset_list size
- avcodec/shorten: Move buffer allocation and offset init to end of read_header()
- avcodec/jpeg2000dsp: Fix multiple integer overflows in ict_int()
- avcodec/hevcdsp_template: Fix undefined shift in put_hevc_pel_bi_w_pixels
- avcodec/diracdec: Fix overflow in DC computation
- avcodec/scpr: optimize shift loop.
- avcodec/dirac_vlc: limit res_bits in APPEND_RESIDUE()
- libavcodec/h264_parse: don't use uninitialized value when chroma_format_idc==0
- avformat/asfdec: Fix DoS in asf_build_simple_index()
- avformat/mov: Fix DoS in read_tfra()
- avcodec/dirac_vlc: Fix invalid shift in ff_dirac_golomb_read_32bit()
- avcodec/dirac_dwt: Fix multiple overflows in 9/7 lifting
- avcodec/diracdec: Fix integer overflow in INTRA_DC_PRED()
- avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
- avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array()
- avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
- avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()
- avcodec/hevc_ps: Fix undefined shift in pcm code
- avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
- avformat/mvdec: Fix DoS due to lack of eof check
- avformat/rl2: Fix DoS due to lack of eof check
- avformat/rmdec: Fix DoS due to lack of eof check
- avformat/cinedec: Fix DoS due to lack of eof check
- avformat/asfdec: Fix DoS due to lack of eof check
- avformat/hls: Fix DoS due to infinite loop
- ffprobe: Fix NULL pointer handling in color parameter printing
- ffprobe: Fix null pointer dereference with color primaries
- avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps()
- avformat/rtpdec_h264: Fix heap-buffer-overflow
- avformat/aviobuf: Fix signed integer overflow in avio_seek()
- avformat/mov: Fix signed integer overflows with total_size
- avcodec/utils: Fix signed integer overflow in rc_initial_buffer_occupancy initialization
- avcodec/aacdec_template: Fix running cleanup in decode_ics_info()
- avcodec/me_cmp: Fix crashes on ARM due to misalignment
- avcodec/pixlet: Fixes: undefined shift in av_mod_uintp2()
- avcodec/dirac_dwt_template: Fix integer overflow in vertical_compose53iL0()
- avcodec/fic: Fixes signed integer overflow
- avcodec/snowdec: Fix off by 1 error
- avcodec/pixlet: fixes integer overflow in read_highpass()
- avcodec/zmbv: Check decomp_size
- avcodec/diracdec: Fixes integer overflow
- avcodec/diracdec: Check perspective_exp and zrs_exp.
- avcodec/ffv1dec_template: Fix undefined shift
- avcodec/mpeg4videodec: Clear mcsel before decoding an image
- avcodec/dirac_dwt: Fixes integer overflows in COMPOSE_DAUB97*
- avcodec/aacdec_fixed: fix invalid shift in predict()
- avcodec/h264_slice: Fix overflow in slice offset
- avformat/utils: fix memory leak in avformat_free_context
- swscale: fix gbrap16 alpha channel issues
- avcodec/h264idct_template: Fix integer overflow in ff_h264_idct_add()
- avcodec/diracdsp: fix integer overflow
- avcodec/diracdec: Check weight_log2denom
- avcodec/nvenc: only push cuda context on encoder close if encoder exists
- avfilter/vf_ssim: fix temp size calculation

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14054
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14055
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14056
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14057
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14058
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14059
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14169
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14170
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14171
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14222
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14223
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14225

-- 
https://bugs.launchpad.net/bugs/1721249

Title:
  ffmpeg artful update to 3.3.4