1
Candidate: CVE-2011-3937
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3937
6
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x
7
before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x
8
before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before
9
0.8.1 has unspecified impact and attack vectors related to "width/height
10
changing with frame threads."
13
mdeslaur> ffmpeg-extra in multiverse needs to have matching version
14
mdeslaur> libav-extra is built with tarball produced by libav package
15
mdeslaur> libav upstream says fixed multithreaded decoding which was
16
mdeslaur> introduced in 0.7, so older releases not affected.
23
upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba
24
upstream_ffmpeg: needs-triage
25
hardy_ffmpeg: ignored (reached end-of-life)
26
lucid_ffmpeg: not-affected
33
upstream_ffmpeg-extra: needs-triage
34
hardy_ffmpeg-extra: DNE
35
lucid_ffmpeg-extra: not-affected
36
natty_ffmpeg-extra: DNE
37
oneiric_ffmpeg-extra: DNE
38
precise_ffmpeg-extra: DNE
39
devel_ffmpeg-extra: DNE
42
upstream: http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba
43
upstream_libav: released (0.7.5,0.8.1)
46
natty_libav: not-affected
47
oneiric_libav: not-affected
48
precise_libav: not-affected (4:0.8.1-0ubuntu1)
49
devel_libav: not-affected (4:0.8.1-0ubuntu2)
52
upstream_libav-extra: needs-triage
53
hardy_libav-extra: DNE
54
lucid_libav-extra: DNE
55
natty_libav-extra: not-affected
56
oneiric_libav-extra: not-affected
57
precise_libav-extra: not-affected (4:0.8.1ubuntu1)
58
devel_libav-extra: not-affected (4:0.8.1ubuntu1)