Change logs for ffmpeg source package in Lucid

  • ffmpeg (4:0.5.9-0ubuntu0.10.04.3) lucid-security; urgency=low
    
      * SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
        - debian/patches/CVE-2012-2783.patch: release frames on error in
          libavcodec/vp56.c.
        - CVE-2012-2783
      * SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
        - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
          once in libavcodec/mpeg12.c.
        - CVE-2012-2803
     -- Marc Deslauriers <email address hidden>   Thu, 24 Jan 2013 13:48:47 -0500
  • ffmpeg (4:0.5.9-0ubuntu0.10.04.2) lucid-security; urgency=low
    
      * SECURITY UPDATE: security issues in decode_pic
        - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
          libavcodec/cavsdec.c.
        - CVE-2012-2777
        - CVE-2012-2784
      * SECURITY UPDATE: out of array read in avi_read_packet function
        - debian/patches/CVE-2012-2788.patch: use accurate size in
          libavformat/avidec.c.
        - CVE-2012-2788
      * SECURITY UPDATE: out of array writes in avs.c
        - debian/patches/CVE-2012-2801.patch: force dimensions in
          libavcodec/avs.c.
        - CVE-2012-2801
     -- Marc Deslauriers <email address hidden>   Tue, 18 Dec 2012 10:52:37 -0500
  • ffmpeg (4:0.5.9-0ubuntu0.10.04.1) lucid-security; urgency=low
    
      * SECURITY UPDATE: Updated to libav 0.5.9 to fix multiple security
        issues. (LP: #1012132)
        - CVE-2011-3929
        - CVE-2011-3936
        - CVE-2011-3940
        - CVE-2011-3947
        - CVE-2011-3951
        - CVE-2011-3952
        - CVE-2012-0851
        - CVE-2012-0852
        - CVE-2012-0853
        - CVE-2012-0858
        - CVE-2012-0859
        - CVE-2012-0947
      * Removed upstreamed patches:
        - CVE-2010-3429.patch
        - CVE-2010-3908.patch
        - CVE-2010-4704.patch
        - CVE-2011-0480.patch
        - CVE-2011-0722.patch
        - CVE-2011-0723.patch
        - CVE-2011-2161.patch
        - CVE-2011-3362.patch
        - CVE-2011-3504.patch
        - CVE-2011-4351.patch
        - CVE-2011-4353.patch
        - CVE-2011-4364.patch
        - CVE-2011-4579.patch
     -- Marc Deslauriers <email address hidden>   Tue, 12 Jun 2012 09:14:53 -0400
  • ffmpeg (4:0.5.1-1ubuntu1.3) lucid-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        malformed Matroska file
        - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
          in libavformat/matroskadec.c.
        - CVE-2011-3504
      * SECURITY UPDATE: denial of service and possible code execution via
        malformed file containing QDM2 stream
        - debian/patches/CVE-2011-4351.patch: check boundaries in
          libavcodec/qdm2.c.
        - CVE-2011-4351
      * SECURITY UPDATE: denial of service and possible code execution via
        malformed file containing VP5 or VP6 streams
        - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
          and libavcodec/vp6.c.
        - CVE-2011-4353
      * SECURITY UPDATE: denial of service and possible code execution via
        malformed VMD file
        - debian/patches/CVE-2011-4364.patch: properly check lengths in
          libavcodec/vmdav.c.
        - CVE-2011-4364
      * SECURITY UPDATE: denial of service and possible code execution via
        malformed file containing svq1 stream
        - debian/patches/CVE-2011-4579.patch: set dimensions after they have
          changed in libavcodec/svq1dec.c.
        - CVE-2011-4579
     -- Marc Deslauriers <email address hidden>   Wed, 21 Dec 2011 11:30:09 -0500
  • ffmpeg (4:0.5.1-1ubuntu1.2) lucid-security; urgency=low
    
      * SECURITY UPDATE: denial of service via malformed APE file
        - debian/patches/CVE-2011-2161.patch: make sure there are frames in
          libavformat/ape.c.
        - CVE-2011-2161
      * SECURITY UPDATE: arbitrary code execution via malformed CAVS file
        - debian/patches/CVE-2011-3362.patch: validate values in
          libavcodec/cavsdec.c.
        - CVE-2011-3362
     -- Marc Deslauriers <email address hidden>   Fri, 16 Sep 2011 09:45:12 -0400
  • ffmpeg (4:0.5.1-1ubuntu1.1) lucid-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via crafted flic file
        - debian/patches/CVE-2010-3429.patch: add checks to
          libavcodec/flicvideo.c.
        - CVE-2010-3429
      * SECURITY UPDATE: arbitrary code execution via crafted wmv file
        (LP: #690169)
        - debian/patches/CVE-2010-3908.patch: properly calculate size in
          libavcodec/utils.c.
        - CVE-2010-3908
      * SECURITY UPDATE: denial of service via crafted .ogg file
        - debian/patches/CVE-2010-4704.patch: validate codebook in
          libavcodec/vorbis_dec.c.
        - CVE-2010-4704
      * SECURITY UPDATE: denial of service and possible code execution via
        crafted WebM file
        - debian/patches/CVE-2011-0480.patch: check rangebits in
          libavcodec/vorbis_dec.c.
        - CVE-2011-0480
      * SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
        (LP: #690169)
        - debian/patches/CVE-2011-0722.patch: set dimensions in
          libavcodec/rv34.c.
        - CVE-2011-0722
      * SECURITY UPDATE: denial of service and possible code execution via
        crafted VC1 file (LP: #690169)
        - debian/patches/CVE-2011-0723.patch: fix invalid reads in
          libavcodec/vc1dec.c.
        - CVE-2011-0723
     -- Marc Deslauriers <email address hidden>   Thu, 31 Mar 2011 10:59:31 -0400
  • ffmpeg (4:0.5.1-1ubuntu1) lucid; urgency=low
    
      * merge from debian. remaining changes:
        - don't disable encoders
        - don't build against libfaad, libdirac and libopenjpeg (all in universe)
     -- Reinhard Tartler <email address hidden>   Thu, 04 Mar 2010 10:34:37 +0100
  • ffmpeg (4:0.5+svn20090706-5ubuntu2) lucid; urgency=low
    
      * tighten build dependency on new x264 package
      * add x264 backport for ffmpeg 0.5
      * install presets in 'libavcodec package' instead of 'ffmpeg' binary,
        see git history for rationale of this change
     -- Reinhard Tartler <email address hidden>   Wed, 17 Feb 2010 08:37:17 +0100
  • ffmpeg (4:0.5+svn20090706-5ubuntu1) lucid; urgency=low
    
      * merge from debian, remaining changes:
        - don't disable internal encoders
        - disabled extra dependencies (come with ffmpeg-extra)
           - libdirac
           - libopenjpeg
    
    ffmpeg (4:0.5+svn20090706-4) unstable; urgency=low
    
      [ Loïc Minier ]
      * Use default toolchain setup on ARM flavors for noopt and only add FPU
        CFLAGS in the VFP and NEON flavors; this is ok since internally, cpu will
        be set to "generic" but -march=generic or -mcpu=generic will NOT be added
        to the build flags.
      * Build all armel flavours with -marm since ffmpeg has a lot of hand crafted
        assembly which doesn't build in the new lucid default mode (Thumb 2);
        LP: #488267
      * Build all armel flavours with -fPIC -DPIC instead of just the neon flavour
        as the new flags/toolchain require this in Ubuntu lucid.
      * Build some assembly test code -- just like configure -- to decide whether
        the *default* toolchain uses vfp or neon to decide whether to build the
        vfp and neon flavors.
      * Drop --disable/--enable opt flags such as --disable-neon or
        --enable-armvfp on ARM since the upstream configure script will do the
        right thing when the proper flags are set.
    
    ffmpeg (4:0.5+svn20090706-3) experimental; urgency=low
    
      [ Loïc Minier ]
      * Disable more autodetected ARM arch features
      * Enable neon flavour
      * Update NEON confflags to assume v7 and VFP
      * Add backported NEON patches from ffmpeg trunk
      * Pass proper --cpu and --extra-flags on armel
      * Pass -fPIC -DPIC to neon pass
    
      [ Fabian Greffrath ]
      * Initialize the FLAVORS variable to static instead of appending to
        it. Also, we do not support the internalencoders variable anymore.
    
      [ Andres Mejia ]
      * Remove unused patches from packaging.
      * Update Vcs-* entries to new location.
      * Bump Standards-Version to 3.8.3.
    
      [ Reinhard Tartler ]
      * change shlibs file to make applications depend on the -extra- packages
      * loosen dependencies further, so that the -dev packages remain
        installable even if ffmpeg-extra is 'out-of-date'
      * add patch for issue1245: Make arguments of av_set_pts_info() unsigned.
      * Support constant-quant encoding for libtheora, LP: #356322
      * increase swscale compile time width (VOF/VOFW), LP: #443264
      * Backports of various security patches, Closes: #550442, including:
         - backport fixes for vorbis_dec
         - backport oggparsevorbis fix
         - backport vp3 fixes
         - backport ffv1 fix
         - libavcodec/mpegaudiodec.c backports
         - h264 security backports
         - backported libavformat/mov.c security fixes
         - backported libavformat/oggdec.c security fixes
         - backport svn r18016 aka 'MOV-Support-stz2-Compact-Sample-Size-Box'
           to fix FTBFS
      * enable symbol versioning
      * bump shlibs version
      * add README.source describing how this source package manages patches
      * make sure the ${misc:Depends} substvar is used for each binary package
     -- Reinhard Tartler <email address hidden>   Sat, 16 Jan 2010 10:12:15 +0100
  • ffmpeg (4:0.5+svn20090706-2ubuntu4) lucid; urgency=low
    
      * add build dependency on 'yasm', since it is now moved to main.
     -- Reinhard Tartler <email address hidden>   Mon, 21 Dec 2009 23:57:34 +0100
  • ffmpeg (4:0.5+svn20090706-2ubuntu3) lucid; urgency=low
    
      * security backports from ffmpeg trunk (Closes: #550442)
       - libavcodec/mpegaudiodec
       - libavcodec/vorbis_dec
       - libavcodec/ffv1
       - libavcodec/vp3
       - libavcodec/h264
       - libavformat/mov
       - libavformat/oggdec
       - libavformat/oggparsevorbis
     -- Reinhard Tartler <email address hidden>   Thu, 05 Nov 2009 20:31:29 +0100
  • ffmpeg (4:0.5+svn20090706-2ubuntu2) karmic; urgency=low
    
      [ Reinhard Tartler ]
      * Make arguments of av_set_pts_info() unsigned.
      * update debian/changelog
      * use patch for issue1245 from git.ffmpeg.org
      * Support constant-quant encoding for libtheora, LP: #356322
      * increase swscale compile time width (VOF/VOFW), LP: #443264
    
      [ Loïc Minier ]
      * Update config for karmic's armel toolchain.
      * Enable neon flavour; LP: #383240.
      * Update NEON confflags to assume v7 and VFP.
      * Add backported NEON patches from ffmpeg trunk; see debian/patches/neon/.
      * Pass proper --cpu and --extra-flags on armel.
      * Pass -fPIC -DPIC to neon pass.
    
     -- Loic Minier <email address hidden>   Tue, 13 Oct 2009 23:56:04 +0200