-
libav (4:0.6.6-0ubuntu0.11.04.1) natty-security; urgency=low
* Update to 0.7.6 to fix multiple security issues. (LP: #1012132)
- CVE-2011-3929
- CVE-2011-3936
- CVE-2011-3940
- CVE-2011-3945
- CVE-2011-3947
- CVE-2011-3951
- CVE-2011-3952
- CVE-2012-0850
- CVE-2012-0851
- CVE-2012-0852
- CVE-2012-0853
- CVE-2012-0858
- CVE-2012-0859
- CVE-2012-0947
-- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 10:26:36 -0400
-
libav (4:0.6.4-0ubuntu0.11.04.1) natty-security; urgency=low
* Update to 0.6.4 to fix multiple security issues (LP: #911811):
- SECURITY UPDATE: denial of service and possible code execution via
malformed Matroska file
- CVE-2011-3504
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing QDM2 stream
- CVE-2011-4351
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP3 stream
- CVE-2011-4352
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP5 or VP6 streams
- CVE-2011-4353
- SECURITY UPDATE: denial of service and possible code execution via
malformed VMD file
- CVE-2011-4364
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing svq1 stream
- CVE-2011-4579
* Removed upstreamed patches:
- CVE-2011-1196.patch
- CVE-2011-1931.patch
- CVE-2011-3362.patch
-- Marc Deslauriers <email address hidden> Tue, 03 Jan 2012 15:49:39 -0500
-
libav (4:0.6.2-1ubuntu1.1) natty-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
malformed OGG file
- debian/patches/CVE-2011-1196.patch: revalidate index when necessary
in libavformat/oggdec.c.
- CVE-2011-1196
* SECURITY UPDATE: denial of service and possible code execution via
malformed AMV file
- debian/patches/CVE-2011-1931.patch: don't change flags in
libavcodec/sp5xdec.c.
- CVE-2011-1931
* SECURITY UPDATE: arbitrary code execution via malformed CAVS file
- debian/patches/CVE-2011-3362.patch: validate values in
libavcodec/cavsdec.c.
- CVE-2011-3362
-- Marc Deslauriers <email address hidden> Fri, 16 Sep 2011 09:06:48 -0400
-
libav (4:0.6.2-1ubuntu1) natty; urgency=low
* Merge from debian. Remaining changes:
- don't build against libfaad, libdirac, librtmp and libopenjpeg
(all in universe)
- explicitly --enable-pic on powerpc, cf. LP #654666
- different arm configure bits that should probably better be
merged into debian
libav (4:0.6.2-1) unstable; urgency=medium
[ Reinhard Tartler ]
* Imported Upstream version 0.6.2
- include security fixes (Closes: #611495)
* rename source package to libav
* Switch to libav packages
* copy in changelog entries from the 0.5 packaging branch (Closes: #616190)
* update version numbering
* make buildlogs verbose
* Introduce 'libav-source', which contains the patched sources of libav
* rename source package to libav
[ Fabian Greffrath ]
* Fix cp of doxy documentation fails with "Argument list too long" (Closes: #618679)
-- Reinhard Tartler <email address hidden> Sun, 20 Mar 2011 12:09:31 +0100
