[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
utopic already works with libav 10, nothing left to do here ** Changed in: libav (Ubuntu Utopic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: Fix Released Status in “libav” source package in Precise: Fix Released Status in “libav” source package in Saucy: Fix Released Status in “libav” source package in Trusty: Fix Released Status in “libav” source package in Utopic: Fix Released Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
** Branch linked: lp:ubuntu/precise-security/libav ** Branch linked: lp:ubuntu/saucy-security/libav ** Branch linked: lp:ubuntu/trusty-security/libav -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: Fix Committed Status in “libav” source package in Precise: Fix Released Status in “libav” source package in Saucy: Fix Released Status in “libav” source package in Trusty: Fix Released Status in “libav” source package in Utopic: Fix Committed Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
This bug was fixed in the package libav - 4:0.8.13-0ubuntu0.12.04.1 --- libav (4:0.8.13-0ubuntu0.12.04.1) precise-security; urgency=medium * Update to 0.8.13 to fix multiple security issues (LP: #1341216) -- Marc DeslauriersTue, 15 Jul 2014 07:24:55 -0400 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: Fix Committed Status in “libav” source package in Precise: Fix Released Status in “libav” source package in Saucy: Fix Released Status in “libav” source package in Trusty: Fix Released Status in “libav” source package in Utopic: Fix Committed Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
This bug was fixed in the package libav - 6:0.8.13-0ubuntu0.13.10.1 --- libav (6:0.8.13-0ubuntu0.13.10.1) saucy-security; urgency=medium * Update to 0.8.13 to fix multiple security issues (LP: #1341216) -- Marc DeslauriersTue, 15 Jul 2014 07:31:39 -0400 ** Changed in: libav (Ubuntu Saucy) Status: In Progress => Fix Released ** Changed in: libav (Ubuntu Precise) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: Fix Committed Status in “libav” source package in Precise: Fix Released Status in “libav” source package in Saucy: Fix Released Status in “libav” source package in Trusty: Fix Released Status in “libav” source package in Utopic: Fix Committed Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
This bug was fixed in the package libav - 6:9.14-0ubuntu0.14.04.1 --- libav (6:9.14-0ubuntu0.14.04.1) trusty-security; urgency=medium * New upstream release 9.14: - Many security fixes issues LP: #1341216 - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy * Drop broken dpkg-maintscript, LP: #1315672 -- Reinhard TartlerSat, 12 Jul 2014 18:33:45 -0400 ** Changed in: libav (Ubuntu Trusty) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: Fix Committed Status in “libav” source package in Precise: In Progress Status in “libav” source package in Saucy: In Progress Status in “libav” source package in Trusty: Fix Released Status in “libav” source package in Utopic: Fix Committed Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
Thanks for the package! They are currently building and I will release them when they're done. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: Fix Committed Status in “libav” source package in Precise: In Progress Status in “libav” source package in Saucy: In Progress Status in “libav” source package in Trusty: In Progress Status in “libav” source package in Utopic: Fix Committed Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
Utopic already has the latest upstream release including all fixes so far in utopic-proposed. I'm not sure why the transition is stuck at this point, though. ** Changed in: libav (Ubuntu Utopic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: Fix Committed Status in “libav” source package in Precise: In Progress Status in “libav” source package in Saucy: In Progress Status in “libav” source package in Trusty: In Progress Status in “libav” source package in Utopic: Fix Committed Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
** Also affects: libav (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: libav (Ubuntu Utopic) Importance: High Assignee: Reinhard Tartler (siretart) Status: In Progress ** Also affects: libav (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: libav (Ubuntu Saucy) Importance: Undecided Status: New ** Changed in: libav (Ubuntu Trusty) Status: New => In Progress ** Changed in: libav (Ubuntu Precise) Status: New => In Progress ** Changed in: libav (Ubuntu Saucy) Status: New => In Progress ** Changed in: libav (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: libav (Ubuntu Saucy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: In Progress Status in “libav” source package in Precise: In Progress Status in “libav” source package in Saucy: In Progress Status in “libav” source package in Trusty: In Progress Status in “libav” source package in Utopic: In Progress Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1341216] Re: Libav security fixes Jul 2014
I have uploaded a proposed package to ppa:siretart/ppa (trusty). Ubuntu-security-sponsors, please copy it to trusty-security ** Changed in: libav (Ubuntu) Importance: Undecided => High ** Changed in: libav (Ubuntu) Status: New => In Progress ** Changed in: libav (Ubuntu) Assignee: (unassigned) => Reinhard Tartler (siretart) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1341216 Title: Libav security fixes Jul 2014 Status in “libav” package in Ubuntu: In Progress Bug description: trusty should get Libav 9.14: version 9.14: - adpcm: Write the proper predictor in trellis mode in IMA QT - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705) - Check if an mp3 header is using a reserved sample rate - lzo: Handle integer overflow (bug/704) - avconv: make -shortest work with streamcopy The lzo issue is claimed to be exploitable (remote code execution) on i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1341216/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp