This bug was fixed in the package libav - 6:9.13-0ubuntu0.14.04.1
---------------
libav (6:9.13-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Merge from unstable, remaining changes:
    - build-depend on libtiff5-dev rather than libtiff4-dev,
      avoids FTBFS caused by imlib
  * New upstream release 9.13:
    - Many security fixes issues LP: #1277173
    - swscale: Fix an undefined behaviour
    - matroska: add the Opus mapping
    - mp3enc: Properly write bitrate value in XING header (Closes: #736088)
    - origin/pu/9 oggdec: add support for Opus in Ogg demuxing
      (Fixes: libav/603, Closes: #720563)
    - apedec: do not buffer decoded samples over AVPackets (Closes: #744901)
    - isom: lpcm in mov default to big endian
    - movdec: handle 0x7fff langcode as macintosh per the specs
    - h264: reset next_output_pic earlier in start_frame()
      (Fixes: libav/672, Closes: #741240, LP: #1288206)
    - rtmpproto: Make sure to pass on the error code if read_connect failed
    - lavr: allocate the resampling buffer with a positive size
    - tiffdec: use bytestream2 to simplify overread/overwrite protection
    - resample: fix avresample_get_delay() return value
    - avi: Improve non-interleaved detection (Fixes: libav/666)
    - af_channelmap: fix ONE_STR mapping mode
    - movenc: allow override of "writing application" tag
    - matroskaenc: allow override of "writing application" tag
    - avfilter: Add missing emms_c when needed
    - build: Use pkg-config for openjpeg (Fixes: libav/387)
    - mpeg12: check scantable indices in all decode_block functions
    - sgidec: fix buffer size check in expand_rle_row()
    - adx: check that the offset is not negative
    - mpegvideo: set reference/pict_type on generated reference frames
    - h264: Fix various crashes found in samples pointed by Mateusz
      "j00ru" Jurczyk and Gynvael Coldwind - Thanks!
  * Rebuild is reported to fix vaapi, Closes: #745655
  * Fix invocation of dpkg-maintscript helper, LP: #1315672
  * cleanup leftovers of the former libav-source package
  * Simplify listing packages with dh_listpackage
  * Drop transitional arch:all -extra- packages
  * Bump standards version to 3.9.5, no changes needed

libav (6:9.11-4) unstable; urgency=medium

  * Imported Upstream version 9.11
    - bumped severity because of many security relevant changes
    - update freetype header detection

libav (6:9.11-3) unstable; urgency=low

  * Add upstream patch to enable PIC on s390(x), Closes: #726733

libav (6:9.11-2ubuntu3) utopic; urgency=high

  * No change rebuild against librtmp1.

 -- Reinhard Tartler <[email protected]> Sun, 04 May 2014 16:11:03 -0400

** Changed in: libav (Ubuntu Trusty)
Status: Fix Committed => Fix Released
https://bugs.launchpad.net/bugs/1277173
Title:
February 2014 libav security tracking bug
Status in “libav” package in Ubuntu:
Fix Committed
Status in “libav” source package in Precise:
Fix Released
Status in “libav” source package in Quantal:
Fix Released
Status in “libav” source package in Saucy:
Fix Released
Status in “libav” source package in Trusty:
Fix Released
Bug description:
This is a bug to track the February 2014 libav security updates:
version 0.8.10:
- oggparseogm: check timing variables
- mathematics: remove asserts from av_rescale_rnd()
- vc1: Always reset numref when parsing a new frame header.
- h264: reset num_reorder_frames if it is invalid
- h264: check that an IDR NAL only contains I slices
- mov: Free an earlier allocated array if allocating a new one
- segafilm: fix leaks if reading the header fails
- h264_cavlc: check the size of the intra PCM data.
- cavs: Check for negative cbp
- avi: DV in AVI must be considered single stream
- avutil: use align == 0 for default alignment in audio sample buffer functions
- flashsv: Check diff_start diff_height values
- dsputil/pngdsp: fix signed/unsigned type in end comparison
- vqavideo: check chunk sizes before reading chunks
- avi: directly resync on DV in AVI read failure
- get_bits: change the failure condition in init_get_bits
- twinvq: Cope with gcc-4.8.2 miscompilation
- pthread: Avoid spurious wakeups
- pthread: Fix deadlock during thread initialization
- mpegvideo: Initialize chroma_*_shift and codec_tag even if the size is 0
- vc1dec: Don't decode slices when the latest slice header failed to decode
- vc1dec: Make sure last_picture is initialized in vc1_decode_skip_blocks
- r3d: Add more input value validation
- fraps: Make the input buffer size checks more strict
- svq3: Avoid a division by zero
- rmdec: Validate the fps value
- twinvqdec: Check the ibps parameter separately
- asfdec: Check the return value of asf_read_stream_properties
- mxfdec: set audio timebase to 1/samplerate
- pcx: Check the packet size before assuming it fits a palette
- rpza: Fix a buffer size check
- xxan: Disallow odd width
- xan: Only read within the data that actually was initialized
- xan: Use bytestream2 to limit reading to within the buffer
- pcx: Consume the whole packet if giving up due to missing palette
- pngdec: Stop trying to decode once inflate returns Z_STREAM_END
- mov: Make sure the read sample count is nonnegative
- bfi: Add some very basic sanity checks for input packet sizes
- bfi: Avoid divisions by zero
- electronicarts: Add more sanity checking for the number of channels
- riffdec: Add sanity checks for the sample rate
- mvi: Add sanity checking for the audio frame size
- xwma: Avoid division by zero
- avidec: Make sure a packet is large enough before reading its data
- vqf: Make sure the bitrate is in the valid range
- vqf: Make sure sample_rate is set to a valid value
- vc1dec: Undo mpegvideo initialization if unable to allocate tables
- vc1dec: Fix leaks in ff_vc1_decode_init_alloc_tables on errors
- wnv1: Make sure the input packet is large enough
- dca: Validate the lfe parameter
- rl2: Avoid a division by zero
- wtv: Add more sanity checks for a length read from the file
- segafilm: Validate the number of audio channels
- qpeg: Add checks for running out of rows in qpeg_decode_inter
- mpegaudiodec: Validate that the number of channels fits at the given offset
- asv1: Verify the amount of extradata
- idroqdec: Make sure a video stream has been allocated before returning packets
- rv10: Validate the dimensions set from the container
- xmv: Add more sanity checks for parameters read from the bitstream
- ffv1: Make sure at least one slice context is initialized
- truemotion2: Use av_freep properly in an error path
- eacmv: Make sure a reference frame exists before referencing it
- mpeg4videodec: Check the width/height in mpeg4_decode_sprite_trajectory
- ivi_common: Make sure color planes have been initialized
- oggparseogm: Convert to use bytestream2
- rv34: Check the return value from ff_rv34_decode_init
- matroskadec: Verify realaudio codec parameters
- mace: Make sure that the channel count is set to a valid value
- svq3: Check for any negative return value from ff_h264_check_intra_pred_mode
- vp3: Check the framerate for validity
- cavsdec: Make sure a sequence header has been decoded before decoding pictures
- sierravmd: Do sanity checking of frame sizes
- omadec: Properly check lengths before incrementing the position
- mpc8: Make sure the first stream exists before parsing the seek table
- mpc8: Check the seek table size parsed from the bitstream
- zmbvdec: Check the buffer size for uncompressed data
- ape: Don't allow the seektable to be omitted
- shorten: Break out of loop looking for fmt chunk if none is found
- shorten: Use a checked bytestream reader for the wave header
- smacker: Make sure we don't fill in huffman codes out of range
- smacker: Avoid integer overflow when allocating packets
- smacker: Don't return packets in unallocated streams
- dsicin: Add some basic sanity checks for fields read from the file
- roqvideodec: check dimensions validity
- qdm2: check array index before use, fix out of array accesses
- alsdec: check block length