-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2016-04-01 08:30:13 UTC
-
Revision ID:
package-import@ubuntu.com-20160401083013-0lnfgxx54ftusm25
Tags: 4:0.8.17-0ubuntu0.12.04.2
* SECURITY UPDATE: invalid memory access via crafted MJPEG data
- debian/patches/CVE-2014-8541.patch: check for pixel format changes in
libavcodec/mjpegdec.c.
- CVE-2014-8541
* SECURITY UPDATE: out of array access in ff_mjpeg_decode_sof
- debian/patches/CVE-2015-1872.patch: check number of components in
libavcodec/mjpegdec.c.
- CVE-2015-1872
* SECURITY UPDATE: out of bounds array access in msrle_decode_pal4
- debian/patches/CVE-2015-3395.patch: determine frame size in
libavcodec/msrledec.c.
- CVE-2015-3395
* SECURITY UPDATE: size issue in ff_h263_decode_picture_header
- debian/patches/CVE-2015-5479.patch: check both dimensions in
libavcodec/ituh263dec.c.
- CVE-2015-5479
* SECURITY UPDATE: out of bounds array access in decode_ihdr_chunk
- debian/patches/CVE-2015-6818.patch: only allow one IHDR chunk in
libavcodec/pngdec.c.
- CVE-2015-6818
* SECURITY UPDATE: out of bounds array access in ff_sbr_apply
- debian/patches/CVE-2015-6820.patch: check that the element type
matches in libavcodec/aacsbr.c, libavcodec/sbr.h.
- CVE-2015-6820
* SECURITY UPDATE: uninitialized memory access in sws_init_context
- debian/patches/CVE-2015-6824.patch: clear buffers in
libswscale/utils.c
- CVE-2015-6824
* SECURITY UPDATE: invalid pointer use in ff_rv34_decode_init_thread_copy
- debian/patches/CVE-2015-6826.patch: clear pointers in
libavcodec/rv34.c.
- CVE-2015-6826
* SECURITY UPDATE: integer overflow in ff_ivi_init_planes
- debian/patches/CVE-2015-8364.patch: check image dimensions in
libavcodec/ivi_common.c.
- CVE-2015-8364
* SECURITY UPDATE: out of bounds array access in smka_decode_frame
- debian/patches/CVE-2015-8365.patch: validate data size in
libavcodec/smacker.c.
- CVE-2015-8365
* SECURITY UPDATE: cross-origin attack and arbitrary file read via the
concat protocol
- debian/confflags: disable concat protocol.
- CVE-2016-1897
- CVE-2016-1898
* SECURITY UPDATE: integer overflow in asf_write_packet
- debian/patches/CVE-2016-2326.patch: check pts in
libavformat/asfenc.c.
- CVE-2016-2326
* SECURITY UPDATE: out of bounds array access via tga file
- debian/patches/CVE-2016-2330.patch: fix lzw buffer size in
libavcodec/gif.c.
- CVE-2016-2330