~ubuntu-branches/ubuntu/oneiric/libav/oneiric-security : revision 16

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2012-12-18 10:04:54 UTC
Revision ID: package-import@ubuntu.com-20121218100454-09xmbzz35nra2awz

Tags: 4:0.7.6-0ubuntu0.11.10.2

* SECURITY UPDATE: unspecified security issue in ff_rv34_decode_frame
  - debian/patches/CVE-2012-2772.patch: error out on size changes with
    frame threading in libavcodec/rv34.c.
  - CVE-2012-2772
* SECURITY UPDATE: out of array write in quant_cof
  - debian/patches/CVE-2012-2775.patch: check opt_order in
    libavcodec/alsdec.c.
  - CVE-2012-2775
* SECURITY UPDATE: security issues in decode_pic
  - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
    libavcodec/cavsdec.c.
  - CVE-2012-2777
  - CVE-2012-2784
* SECURITY UPDATE: unspecified vulnerability in the decode_frame
  - debian/patches/CVE-2012-2779.patch: prevent decoding happening on a
    half initialized context in libavcodec/indeo5.c.
  - CVE-2012-2779
* SECURITY UPDATE: out of array write in the decode_wdlt function
  - debian/patches/CVE-2012-2786.patch: check frame_end in
    libavcodec/dfa.c.
  - CVE-2012-2786
* SECURITY UPDATE: out of array read in avi_read_packet function
  - debian/patches/CVE-2012-2788.patch: use accurate size in
    libavformat/avidec.c.
  - CVE-2012-2788
* SECURITY UPDATE: unspecified vulnerability in avi_read_packet
  - debian/patches/CVE-2012-2789.patch: check num_vec_coeffs for validity
    in libavcodec/wmaprodec.c.
  - CVE-2012-2789
* SECURITY UPDATE: unspecified vulnerability in read_var_block_data
  - debian/patches/CVE-2012-2790.patch: fix number of decoded samples in
    libavcodec/alsdec.c.
  - CVE-2012-2790
* SECURITY UPDATE: unspecified vulnerability in lag_decode_zero_run_line
  - debian/patches/CVE-2012-2793.patch: check count before writing zeros
    in libavcodec/lagarith.c.
  - CVE-2012-2793
* SECURITY UPDATE: unspecified vulnerability in decode_mb_info
  - debian/patches/CVE-2012-2794.patch: check tile size in
    libavcodec/indeo5.c.
  - CVE-2012-2794
* SECURITY UPDATE: out of array write in decode_dds1
  - debian/patches/CVE-2012-2798.patch: fix length check in
    libavcodec/dfa.c.
  - CVE-2012-2798
* SECURITY UPDATE: unspecified vulnerability in ff_ivi_process_empty_tile
  - debian/patches/CVE-2012-2800.patch: check tile sizes in
    libavcodec/ivi_common.*, libavcodec/indeo5.c.
  - CVE-2012-2800
* SECURITY UPDATE: out of array writes in avs.c
  - debian/patches/CVE-2012-2801.patch: force dimensions in
    libavcodec/avs.c.
  - CVE-2012-2801