[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014
Problems with Libav dependencies for ubuntu precise, the files in question are 5 packets, (libavcodec53, 4:0.8.15-0ubuntu0.12.04.1), (libavdevice53, 4:0.8.15-0ubuntu0.12.04.1), (libavformat53, 4:0.8.15-0ubuntu0.12.04.1), (libpostproc52, 4:0.8.15-0ubuntu0.12.04.1), (libswscale2, 4:0.8.15-0ubuntu0.12.04.1) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1354755 Title: Libav security fixes Aug 2014 Status in “libav” package in Ubuntu: Confirmed Status in “libav” source package in Precise: Fix Released Status in “libav” source package in Trusty: In Progress Bug description: Trusty should get version 9.16: version 9.16: - vp3: Copy all 3 frames for thread updates (CVE-2011-3934) - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263) - mpegts: Define the section length with a constant - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860) - svq1: do not modify the input packet - cdgraphics: do not return 0 from the decode function - cdgraphics: switch to bytestream2 (CVE-2013-3674) - huffyuvdec: check width size for yuv422p (CVE-2013-0848) - mmvideo: check horizontal coordinate too (CVE-2013-3672) - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098) - lavc: Check the image size before calling get_buffer (CVE-2011-3935) - huffyuv: Check and propagate function return values (CVE-2013-0868) - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946) - h264_sei: check SEI size - pgssubdec: Check RLE size before copying (CVE-2013-0852) - fate: Add dependencies for dct/fft/mdct/rdft tests - video4linux2: Avoid a floating point exception - vf_select: Drop a debug av_log with an unchecked double to enum conversion - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libav (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1354755 Title: Libav security fixes Aug 2014 Status in “libav” package in Ubuntu: Confirmed Status in “libav” source package in Precise: Fix Released Status in “libav” source package in Trusty: In Progress Bug description: Trusty should get version 9.16: version 9.16: - vp3: Copy all 3 frames for thread updates (CVE-2011-3934) - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263) - mpegts: Define the section length with a constant - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860) - svq1: do not modify the input packet - cdgraphics: do not return 0 from the decode function - cdgraphics: switch to bytestream2 (CVE-2013-3674) - huffyuvdec: check width size for yuv422p (CVE-2013-0848) - mmvideo: check horizontal coordinate too (CVE-2013-3672) - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098) - lavc: Check the image size before calling get_buffer (CVE-2011-3935) - huffyuv: Check and propagate function return values (CVE-2013-0868) - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946) - h264_sei: check SEI size - pgssubdec: Check RLE size before copying (CVE-2013-0852) - fate: Add dependencies for dct/fft/mdct/rdft tests - video4linux2: Avoid a floating point exception - vf_select: Drop a debug av_log with an unchecked double to enum conversion - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014
At least for precise, libav-extra also needs to be updated to 0.8.15 ** Also affects: libav-extra (Ubuntu) Importance: Undecided Status: New ** Changed in: libav-extra (Ubuntu Trusty) Status: New = Invalid ** Changed in: libav-extra (Ubuntu Precise) Importance: Undecided = High ** Changed in: libav-extra (Ubuntu Precise) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1354755 Title: Libav security fixes Aug 2014 Status in “libav” package in Ubuntu: Fix Released Status in “libav-extra” package in Ubuntu: Invalid Status in “libav” source package in Precise: Fix Released Status in “libav-extra” source package in Precise: Confirmed Status in “libav” source package in Trusty: Fix Released Status in “libav-extra” source package in Trusty: Invalid Bug description: Trusty should get version 9.16: version 9.16: - vp3: Copy all 3 frames for thread updates (CVE-2011-3934) - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263) - mpegts: Define the section length with a constant - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860) - svq1: do not modify the input packet - cdgraphics: do not return 0 from the decode function - cdgraphics: switch to bytestream2 (CVE-2013-3674) - huffyuvdec: check width size for yuv422p (CVE-2013-0848) - mmvideo: check horizontal coordinate too (CVE-2013-3672) - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098) - lavc: Check the image size before calling get_buffer (CVE-2011-3935) - huffyuv: Check and propagate function return values (CVE-2013-0868) - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946) - h264_sei: check SEI size - pgssubdec: Check RLE size before copying (CVE-2013-0852) - fate: Add dependencies for dct/fft/mdct/rdft tests - video4linux2: Avoid a floating point exception - vf_select: Drop a debug av_log with an unchecked double to enum conversion - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014
Ah, yes, I seem to have forgotten to update libav-extra once again. I'll push out an update in a few minutes. ** Changed in: libav-extra (Ubuntu Precise) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: libav (Ubuntu Trusty) Status: In Progress = Fix Released ** Changed in: libav (Ubuntu) Status: Confirmed = Fix Released ** Changed in: libav-extra (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1354755 Title: Libav security fixes Aug 2014 Status in “libav” package in Ubuntu: Fix Released Status in “libav-extra” package in Ubuntu: Invalid Status in “libav” source package in Precise: Fix Released Status in “libav-extra” source package in Precise: Confirmed Status in “libav” source package in Trusty: Fix Released Status in “libav-extra” source package in Trusty: Invalid Bug description: Trusty should get version 9.16: version 9.16: - vp3: Copy all 3 frames for thread updates (CVE-2011-3934) - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263) - mpegts: Define the section length with a constant - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860) - svq1: do not modify the input packet - cdgraphics: do not return 0 from the decode function - cdgraphics: switch to bytestream2 (CVE-2013-3674) - huffyuvdec: check width size for yuv422p (CVE-2013-0848) - mmvideo: check horizontal coordinate too (CVE-2013-3672) - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098) - lavc: Check the image size before calling get_buffer (CVE-2011-3935) - huffyuv: Check and propagate function return values (CVE-2013-0868) - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946) - h264_sei: check SEI size - pgssubdec: Check RLE size before copying (CVE-2013-0852) - fate: Add dependencies for dct/fft/mdct/rdft tests - video4linux2: Avoid a floating point exception - vf_select: Drop a debug av_log with an unchecked double to enum conversion - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014
OK, updated libav-extra has been published. ** Changed in: libav-extra (Ubuntu Precise) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1354755 Title: Libav security fixes Aug 2014 Status in “libav” package in Ubuntu: Fix Released Status in “libav-extra” package in Ubuntu: Invalid Status in “libav” source package in Precise: Fix Released Status in “libav-extra” source package in Precise: Fix Released Status in “libav” source package in Trusty: Fix Released Status in “libav-extra” source package in Trusty: Invalid Bug description: Trusty should get version 9.16: version 9.16: - vp3: Copy all 3 frames for thread updates (CVE-2011-3934) - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263) - mpegts: Define the section length with a constant - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860) - svq1: do not modify the input packet - cdgraphics: do not return 0 from the decode function - cdgraphics: switch to bytestream2 (CVE-2013-3674) - huffyuvdec: check width size for yuv422p (CVE-2013-0848) - mmvideo: check horizontal coordinate too (CVE-2013-3672) - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098) - lavc: Check the image size before calling get_buffer (CVE-2011-3935) - huffyuv: Check and propagate function return values (CVE-2013-0868) - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946) - h264_sei: check SEI size - pgssubdec: Check RLE size before copying (CVE-2013-0852) - fate: Add dependencies for dct/fft/mdct/rdft tests - video4linux2: Avoid a floating point exception - vf_select: Drop a debug av_log with an unchecked double to enum conversion - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014
** Branch linked: lp:ubuntu/precise-security/libav -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1354755 Title: Libav security fixes Aug 2014 Status in “libav” package in Ubuntu: New Status in “libav” source package in Precise: Fix Released Status in “libav” source package in Trusty: In Progress Bug description: Trusty should get version 9.16: version 9.16: - vp3: Copy all 3 frames for thread updates (CVE-2011-3934) - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263) - mpegts: Define the section length with a constant - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860) - svq1: do not modify the input packet - cdgraphics: do not return 0 from the decode function - cdgraphics: switch to bytestream2 (CVE-2013-3674) - huffyuvdec: check width size for yuv422p (CVE-2013-0848) - mmvideo: check horizontal coordinate too (CVE-2013-3672) - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098) - lavc: Check the image size before calling get_buffer (CVE-2011-3935) - huffyuv: Check and propagate function return values (CVE-2013-0868) - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946) - h264_sei: check SEI size - pgssubdec: Check RLE size before copying (CVE-2013-0852) - fate: Add dependencies for dct/fft/mdct/rdft tests - video4linux2: Avoid a floating point exception - vf_select: Drop a debug av_log with an unchecked double to enum conversion - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014
Package built fine: https://launchpad.net/~siretart/+archive/ubuntu/ppa?field.series_filter=trusty ** Changed in: libav (Ubuntu Trusty) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1354755 Title: Libav security fixes Aug 2014 Status in “libav” package in Ubuntu: New Status in “libav” source package in Trusty: New Bug description: Trusty should get version 9.16: version 9.16: - vp3: Copy all 3 frames for thread updates (CVE-2011-3934) - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263) - mpegts: Define the section length with a constant - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860) - svq1: do not modify the input packet - cdgraphics: do not return 0 from the decode function - cdgraphics: switch to bytestream2 (CVE-2013-3674) - huffyuvdec: check width size for yuv422p (CVE-2013-0848) - mmvideo: check horizontal coordinate too (CVE-2013-3672) - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098) - lavc: Check the image size before calling get_buffer (CVE-2011-3935) - huffyuv: Check and propagate function return values (CVE-2013-0868) - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946) - h264_sei: check SEI size - pgssubdec: Check RLE size before copying (CVE-2013-0852) - fate: Add dependencies for dct/fft/mdct/rdft tests - video4linux2: Avoid a floating point exception - vf_select: Drop a debug av_log with an unchecked double to enum conversion - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
