On Fri, Jan 06, 2017 at 11:32:49AM +0100, Hugo Lefeuvre wrote:
> > Could you summarize for us the status of your work on the 0.8 branch?
>
> I've had a look at the new CVEs reported for libav. I managed to
> reproduce CVE-2016-98{21,22} (avconv crashes with segfault), but
> cherry-picking the fix[0,1,2] for these issues doesn't seem to fix
> the problem.
>
> I have also tried to reproduce CVE-2016-98{19,20,23,24,25,26}, but
> I am not getting the same error messages as those mentioned on the
> CVE report. No segfault. Instead, avconv is just ending with error
> messages like "Error at MB: 0" or "Error while decoding stream #0:0",
> which doesn't help me to determine whether this behavior is normal or
> not.
I just released libav 0.8.20 with some more fixes, changelog below.

Diego

version 0.8.20:
- mpegvideo: Fix undefined negative shifts in mpeg_motion_internal (Bug-Id: 980, CVE-2016-9820)
- mpegvideo: Fix undefined negative shifts in ff_init_block_index (Bug-Id: 980, CVE-2016-9819)
- mpeg12dec: move setting first_field to mpeg_field_start() (Bug-Id: 999)
- mpeg12dec: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9822)
- mpegvideo_parser: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9821)
- h264: Use the right H264Context for struct member comparison
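The two bug classes named in the changelog above, undefined negative shifts and signed overflow in a bitrate calculation, shown in a small added C example. This is illustrative code written for this page, not libav's mpegvideo or mpeg12dec code, and it does not reproduce any of the listed CVEs. The assumed bitstream layout is the MPEG-2 one as I read ISO/IEC 13818-2: an 18-bit bit_rate_value in the sequence header and a 12-bit bit_rate_extension in the sequence extension, both in units of 400 bit/s. Function names and the CALC_ERROR sentinel are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not libav code. Sentinel returned for rejected input. */
#define CALC_ERROR INT64_MIN

/* A shift whose count comes from untrusted data. In C, `x << n` is
 * undefined for n < 0 and for n >= the width of x (and for negative x
 * before C23), so the count is range-checked and the shift is carried
 * out as a 64-bit multiply, then checked against the 32-bit field. */
static int64_t shl_checked(int32_t x, int n)
{
    if (n < 0 || n > 30)
        return CALC_ERROR;                 /* would be UB as a plain shift */
    int64_t r = (int64_t)x * ((int64_t)1 << n);
    if (r > INT32_MAX || r < INT32_MIN)
        return CALC_ERROR;                 /* does not fit the 32-bit field */
    return r;
}

/* Bitrate from the assumed MPEG-2 fields: 18-bit bit_rate_value,
 * 12-bit bit_rate_extension, units of 400 bit/s. The combined 30-bit
 * value times 400 reaches about 4.3e11, far past INT32_MAX, so the
 * product is formed in 64 bits. */
static int64_t mpeg2_bitrate_bps(uint32_t bit_rate_value,
                                 uint32_t bit_rate_extension)
{
    if (bit_rate_value > 0x3FFFF || bit_rate_extension > 0xFFF)
        return CALC_ERROR;                 /* wider than the bitstream fields */
    uint64_t units = ((uint64_t)bit_rate_extension << 18) | bit_rate_value;
    return (int64_t)(units * 400u);        /* below 2^39, no overflow */
}

/* What `int bitrate = (ext << 18 | value) * 400;` yields with a 32-bit
 * int. Reproduced with well-defined unsigned wraparound and an explicit
 * two's-complement reinterpretation so the example itself has no UB. */
static int32_t mpeg2_bitrate_wrapped32(uint32_t bit_rate_value,
                                       uint32_t bit_rate_extension)
{
    uint32_t units = (bit_rate_extension << 18) | bit_rate_value;
    uint32_t wrapped = units * 400u;       /* mod 2^32 */
    if (wrapped <= (uint32_t)INT32_MAX)
        return (int32_t)wrapped;
    return (int32_t)(wrapped - 0x80000000u) + INT32_MIN;
}

int main(void)
{
    printf("3 << 4          = %lld\n", (long long)shl_checked(3, 4));
    printf("1 << -1         = %lld (rejected)\n", (long long)shl_checked(1, -1));
    printf("max bitrate     = %lld bit/s\n",
           (long long)mpeg2_bitrate_bps(0x3FFFF, 0xFFF));
    printf("same in int32   = %d bit/s (overflowed)\n",
           mpeg2_bitrate_wrapped32(0x3FFFF, 0xFFF));
    return 0;
}
```

With both fields at their maximum the 64-bit result is 429496729200 bit/s while the 32-bit product wraps to -400, which is the kind of negative value a later division or buffer sizing would trip over; rejecting negative shift counts up front avoids the undefined behaviour instead of relying on what a particular compiler happens to emit.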