This bug was fixed in the package libav - 6:0.8.6-1ubuntu1
---------------
libav (6:0.8.6-1ubuntu1) raring; urgency=low
* Merge from debian/unstable, LP: #1160734, remaining changes:
- don't build against libdirac, lame, libopenjpeg, librtmp, frei0r,
vo-aacenc, vo-amrenc, x264, and xvid (all in universe)
- do not build libav-extra-dbg, it is build from the libav-extra source
package in ubuntu.
- drop libav-regular-dbg, not necessary in ubuntu
- Adjust LIB_PKGS/LIB_PKGS2 lists in debian/rules
- several ifdefs in debian/rules that allow the use of the same file
in libav and libav-extra (most of this can be merged into the debian
package)
* Tested that co-instability of libavcodec-dev with libavcodec-extra-53 works.
LP: #1143929, #1101829
* Remove all debug packages. In ubuntu, we provide debug symbols via the
.ddeb infrastructure.
libav (6:0.8.6-1) unstable; urgency=low
* Imported Upstream version 0.8.6, new releases fixes:
- h264: check for luma and chroma bit depth being equal (CVE-2013-2277)
- iff: validate CMAP palette size (CVE-2013-2495)
- msrledec: convert to bytestream2 API and add proper bounds checking
(CVE-2013-2496)
- vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894)
- Thus, closes: #703200
libav (6:0.8.5-1) unstable; urgency=low
* New upstream security/bugfix release. New releases fixes
(bug numbers reference http://bugzilla.libav.org, Closes: #694483)
- Indeo 4 (CVE-2012-2791)
- VP5/VP6 (CVE-2012-2783)
- Indeo 3 (CVE-2012-2804)
- MPEG-1/2 (CVE-2012-2803)
- MP3 (CVE-2012-2797)
- AAC (CVE-2012-5144)
- AC-3 (CVE-2012-2802)
- AVS (CVE-2012-2801)
- DFA (CVE-2012-2798)
- ID3v2 (Bug 395)
- Serious Memory leaks on broken Ogg files
* drop recordshow script. This clearly undermaintained script has
unclear copyright status and is unlikely to work properly anyway.
-- Reinhard Tartler <siret...@tauware.de> Wed, 27 Mar 2013 07:57:15 +0100
** Changed in: libav (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2783
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2791
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2797
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2798
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2801
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2802
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2803
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2804
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5144
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0894
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2277
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2495
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2496
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libav in Ubuntu.
https://bugs.launchpad.net/bugs/1101829
Title:
Missing alternative libavutil-exta-51 dependency
Status in “libav” package in Ubuntu:
Fix Released
Bug description:
libavutil-dev from quantal (6:0.8.3-6ubuntu2) and quantal-updates
(6:0.8.4-0ubuntu0.12.10.1) only depend on libavutil-51. It should
depend on "libavutil-51 | libavutil-exta-51" instead.
The libavutil-dev package from precise and raring correctly depend on
"libavutil-51 | libavutil-exta-51".
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1101829/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
