Please sync ffmpeg 7:3.3.4-2 (universe) from Debian unstable (main)

FFmpeg 3.3.4 is an upstream bugfix-only release which also fixes 12 CVEs
which currently affect FFmpeg in artful. The only Debian change is
adding a patch to fix an FTBFS with OpenJPEG 2.2, and since OpenJPEG 2.2
was recently synced into artful, this should go in as well.

Debian changelog
============
ffmpeg (7:3.3.4-2) unstable; urgency=medium

  * debian/patches/0004-Add-support-for-LibOpenJPEG-v2.2-git.patch:
    - Add upstream patch to fix FTBFS with OpenJPEG 2.2. (Closes: #876805)

 -- James Cowgill <jcowg...@debian.org>  Tue, 26 Sep 2017 11:42:03 +0100

ffmpeg (7:3.3.4-1) unstable; urgency=medium

  * New upstream bugfix release.
    - Fixes CVE-2017-14054, CVE-2017-14055, CVE-2017-14056,
      CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169,
      CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223,
      CVE-2017-14225.
    - Fixes crashes on ARM due to misalignment. (Closes: #872503)

  * debian/patches:
    - Drop 0004-swscale-fix-gbrap16-alpha-channel-issues.patch,
      applied upstream.

 -- James Cowgill <jcowg...@debian.org>  Tue, 12 Sep 2017 23:44:51 +0100

Upstream changelog
===========
version 3.3.4:
- avcodec/hevc_ps: improve check for missing default display window bitstream
- avcodec/hevc_ps: Fix c?_qp_offset_list size
- avcodec/shorten: Move buffer allocation and offset init to end of read_header()
- avcodec/jpeg2000dsp: Fix multiple integer overflows in ict_int()
- avcodec/hevcdsp_template: Fix undefined shift in put_hevc_pel_bi_w_pixels
- avcodec/diracdec: Fix overflow in DC computation
- avcodec/scpr: optimize shift loop.
- avcodec/dirac_vlc: limit res_bits in APPEND_RESIDUE()
- libavcodec/h264_parse: don't use uninitialized value when chroma_format_idc==0
- avformat/asfdec: Fix DoS in asf_build_simple_index()
- avformat/mov: Fix DoS in read_tfra()
- avcodec/dirac_vlc: Fix invalid shift in ff_dirac_golomb_read_32bit()
- avcodec/dirac_dwt: Fix multiple overflows in 9/7 lifting
- avcodec/diracdec: Fix integer overflow in INTRA_DC_PRED()
- avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
- avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array()
- avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
- avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()
- avcodec/hevc_ps: Fix undefined shift in pcm code
- avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
- avformat/mvdec: Fix DoS due to lack of eof check
- avformat/rl2: Fix DoS due to lack of eof check
- avformat/rmdec: Fix DoS due to lack of eof check
- avformat/cinedec: Fix DoS due to lack of eof check
- avformat/asfdec: Fix DoS due to lack of eof check
- avformat/hls: Fix DoS due to infinite loop
- ffprobe: Fix NULL pointer handling in color parameter printing
- ffprobe: Fix null pointer dereference with color primaries
- avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps()
- avformat/rtpdec_h264: Fix heap-buffer-overflow
- avformat/aviobuf: Fix signed integer overflow in avio_seek()
- avformat/mov: Fix signed integer overflows with total_size
- avcodec/utils: Fix signed integer overflow in rc_initial_buffer_occupancy initialization
- avcodec/aacdec_template: Fix running cleanup in decode_ics_info()
- avcodec/me_cmp: Fix crashes on ARM due to misalignment
- avcodec/pixlet: Fixes: undefined shift in av_mod_uintp2()
- avcodec/dirac_dwt_template: Fix integer overflow in vertical_compose53iL0()
- avcodec/fic: Fixes signed integer overflow
- avcodec/snowdec: Fix off by 1 error
- avcodec/pixlet: fixes integer overflow in read_highpass()
- avcodec/zmbv: Check decomp_size
- avcodec/diracdec: Fixes integer overflow
- avcodec/diracdec: Check perspective_exp and zrs_exp.
- avcodec/ffv1dec_template: Fix undefined shift
- avcodec/mpeg4videodec: Clear mcsel before decoding an image
- avcodec/dirac_dwt: Fixes integer overflows in COMPOSE_DAUB97*
- avcodec/aacdec_fixed: fix invalid shift in predict()
- avcodec/h264_slice: Fix overflow in slice offset
- avformat/utils: fix memory leak in avformat_free_context
- swscale: fix gbrap16 alpha channel issues
- avcodec/h264idct_template: Fix integer overflow in ff_h264_idct_add()
- avcodec/diracdsp: fix integer overflow
- avcodec/diracdec: Check weight_log2denom
- avcodec/nvenc: only push cuda context on encoder close if encoder exists
- avfilter/vf_ssim: fix temp size calculation

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14054

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14055

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14056

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14057

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14058

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14059

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14169

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14170

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14171

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14222

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14223

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14225

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1721249

Title:
  ffmpeg artful update to 3.3.4

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1721249/+subscriptions
