-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2011-04-05 19:09:22 UTC
-
Revision ID:
james.westby@ubuntu.com-20110405190922-40rk1yy5m2hpr5ps
Tags: 4:0.5+svn20090706-2ubuntu3.1
* SECURITY UPDATE: arbitrary code execution via crafted flic file
- debian/patches/CVE-2010-3429.patch: add checks to
libavcodec/flicvideo.c.
- CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
(LP: #690169)
- debian/patches/CVE-2010-3908.patch: properly calculate size in
libavcodec/utils.c.
- CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
- debian/patches/CVE-2010-4704.patch: validate codebook in
libavcodec/vorbis_dec.c.
- CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
crafted WebM file
- debian/patches/CVE-2011-0480.patch: check rangebits in
libavcodec/vorbis_dec.c.
- CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
(LP: #690169)
- debian/patches/CVE-2011-0722.patch: set dimensions in
libavcodec/rv34.c.
- CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
crafted VC1 file (LP: #690169)
- debian/patches/CVE-2011-0723.patch: fix invalid reads in
libavcodec/vc1dec.c.
- CVE-2011-0723
* SECURITY UPDATE: Fix a multitude of security issues
- debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
existence before assignment
- debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
indexes
- debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
value
- debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
per-packet mode indexes and per-header mode mapping indexes
- debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
index and subclass book index.
- debian/patches/CVE-2009-46XX/security-issue08.patch: check
res_setup->books
- debian/patches/CVE-2009-46XX/security-issue09.patch: check
begin/end/partition_size
- debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
of channels & samplerate
- debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
check
- debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
for magnitude and angle
- debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
- debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
against 0 too
- debian/patches/CVE-2009-46XX/security-issue15.patch: fix
init_get_bits() buffer size
- debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
all memory allocations succeed
- debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
buffer over-read in vorbis_comment
- debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
0 to avoid having it uninitialized
- debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
for ogg streams where no ogg header was found
- CVE-2009-4632
- CVE-2009-4633
- CVE-2009-4634
- CVE-2009-4635
- CVE-2009-4637
- CVE-2009-4639
- CVE-2009-4640