This bug was fixed in the package libav - 6:0.8.6-1ubuntu1 --------------- libav (6:0.8.6-1ubuntu1) raring; urgency=low
* Merge from debian/unstable, LP: #1160734, remaining changes: - don't build against libdirac, lame, libopenjpeg, librtmp, frei0r, vo-aacenc, vo-amrenc, x264, and xvid (all in universe) - do not build libav-extra-dbg, it is build from the libav-extra source package in ubuntu. - drop libav-regular-dbg, not necessary in ubuntu - Adjust LIB_PKGS/LIB_PKGS2 lists in debian/rules - several ifdefs in debian/rules that allow the use of the same file in libav and libav-extra (most of this can be merged into the debian package) * Tested that co-instability of libavcodec-dev with libavcodec-extra-53 works. LP: #1143929, #1101829 * Remove all debug packages. In ubuntu, we provide debug symbols via the .ddeb infrastructure. libav (6:0.8.6-1) unstable; urgency=low * Imported Upstream version 0.8.6, new releases fixes: - h264: check for luma and chroma bit depth being equal (CVE-2013-2277) - iff: validate CMAP palette size (CVE-2013-2495) - msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496) - vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894) - Thus, closes: #703200 libav (6:0.8.5-1) unstable; urgency=low * New upstream security/bugfix release. New releases fixes (bug numbers reference http://bugzilla.libav.org, Closes: #694483) - Indeo 4 (CVE-2012-2791) - VP5/VP6 (CVE-2012-2783) - Indeo 3 (CVE-2012-2804) - MPEG-1/2 (CVE-2012-2803) - MP3 (CVE-2012-2797) - AAC (CVE-2012-5144) - AC-3 (CVE-2012-2802) - AVS (CVE-2012-2801) - DFA (CVE-2012-2798) - ID3v2 (Bug 395) - Serious Memory leaks on broken Ogg files * drop recordshow script. This clearly undermaintained script has unclear copyright status and is unlikely to work properly anyway. -- Reinhard Tartler <siret...@tauware.de> Wed, 27 Mar 2013 07:57:15 +0100 ** Changed in: libav (Ubuntu) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2783 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2791 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2797 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2798 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2801 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2802 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2803 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2804 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-5144 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1160734 Title: Merge Libav 0.8.6-1 from unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1160734/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs