Ubuntu
libvpx package

Change logs for libvpx source package in Xenial

  1. Xenial (16.04)
  2. Change log 
  • libvpx (1.5.0-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: image width alignment issue
    - debian/patches/CVE-2017-13194-1.patch: fix image width alignment in
      vpx/src/vpx_image.c.
    - debian/patches/CVE-2017-13194-2.patch: fix alignment without external
      allocation in vpx/src/vpx_image.c.
    - CVE-2017-13194
  * SECURITY UPDATE: double free in ParseContentEncodingEntry
    - debian/patches/CVE-2019-2126.patch: set compression_entries_ to NULL
      in third_party/libwebm/mkvparser/mkvparser.cc.
    - CVE-2019-2126
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-9232.patch: use unsigned char in
      vp8/decoder/dboolhuff.h, vpx_dsp/bitreader.h.
    - CVE-2019-9232
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-9325.patch: fix size in vp9/vp9_dx_iface.c,
      vpx_dsp/bitreader_buffer.c, test/decode_api_test.cc.
    - CVE-2019-9325
  * SECURITY UPDATE: memory disclosure issue
    - debian/patches/CVE-2019-9433.patch: fix use-after-free in
      vp8/common/postproc.c.
    - CVE-2019-9433

 -- Marc Deslauriers <email address hidden>  Tue, 19 Nov 2019 11:26:37 -0500
  • libvpx (1.5.0-2ubuntu1) xenial; urgency=medium

  * Update to PHP7.0 build-dependencies (LP: #1566423).

 -- Nishanth Aravamudan <email address hidden>  Tue, 05 Apr 2016 09:38:23 -0700
  • libvpx (1.5.0-2) unstable; urgency=medium

  * debian/rules:
    + Disable PPC specific target to fix FTBFS. It's not supported anymore.

 -- Sebastian Dröge <email address hidden>  Mon, 28 Dec 2015 16:40:00 +0200
  • libvpx (1.5.0-1) unstable; urgency=medium

  * New upstream release:
    + debian/rules,
      debian/control,
      debian/libvpx*.symbols:
      - Update from libvpx2 to libvpx3.
  * debian/patches/fix-build.patch:
    + Fix invalid C that causes the build to fail (Closes: #809129).
      Patch based on the one from Colin Watson from
      https://bugs.launchpad.net/ubuntu/+source/libvpx/+bug/1528297

 -- Sebastian Dröge <email address hidden>  Mon, 28 Dec 2015 09:59:43 +0200
  • libvpx (1.4.0-4) unstable; urgency=medium

  * debian/rules:
    + Configure with --size-limit=16384x16384 to work around
      CVE-2015-1258 like Chrome does. Streams with a higher
      resolution than that will fail to decode now.
    + Configure with --enable-postproc --enable-multi-res-encoding
      --enable-temporal-denoising --enable-vp9-temporal-denoising
      --enable-vp9-postproc to mirror the configuration that Chrome
      is using.

 -- Sebastian Dröge <email address hidden>  Tue, 23 Jun 2015 10:09:08 +0200