All Ubuntu package versions


AllTrustySaucyRaringPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "libavutil49"

Name: libavutil49

Description:

ffmpeg utility library
This is the common utility library from the ffmpeg project. It is required
by all other ffmpeg libraries.

This package contains a Debian-specific version of the libavutil shared
object that should only be used by Debian packages.

Latest version: 4:0.5.9-0ubuntu0.10.04.3
Release: lucid (10.04)
Level: security
Repository: main
Head package: ffmpeg
Homepage: http://ffmpeg.org/

Links

Save this URL for the latest version of "libavutil49": http://www.ubuntuupdates.org/libavutil49

All versions of this package Bug fixes
List of files in package Repository home page for package

Download "libavutil49"

32-bit deb package 64-bit deb package APT INSTALL

Other versions of "libavutil49" in Lucid

RepositoryAreaVersion
base main 4:0.5.1-1ubuntu1
updates main 4:0.5.9-0ubuntu0.10.04.3

Change Log

Version: 4:0.5.9-0ubuntu0.10.04.3 2013-01-28 15:06:33 UTC

  ffmpeg (4:0.5.9-0ubuntu0.10.04.3) lucid-security; urgency=low

  * SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
    - debian/patches/CVE-2012-2783.patch: release frames on error in
      libavcodec/vp56.c.
    - CVE-2012-2783
  * SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
    - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
      once in libavcodec/mpeg12.c.
    - CVE-2012-2803
 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2013 13:48:47 -0500

Source diff to previous version
1104019 January 2013 libav security tracking bug
CVE-2012-2783 Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame."
CVE-2012-2803 Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, relat

Version: 4:0.5.9-0ubuntu0.10.04.2 2012-12-19 14:07:05 UTC

  ffmpeg (4:0.5.9-0ubuntu0.10.04.2) lucid-security; urgency=low

  * SECURITY UPDATE: security issues in decode_pic
    - debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
      libavcodec/cavsdec.c.
    - CVE-2012-2777
    - CVE-2012-2784
  * SECURITY UPDATE: out of array read in avi_read_packet function
    - debian/patches/CVE-2012-2788.patch: use accurate size in
      libavformat/avidec.c.
    - CVE-2012-2788
  * SECURITY UPDATE: out of array writes in avs.c
    - debian/patches/CVE-2012-2801.patch: force dimensions in
      libavcodec/avs.c.
    - CVE-2012-2801
 -- Marc Deslauriers <email address hidden> Tue, 18 Dec 2012 10:52:37 -0500

Source diff to previous version
CVE-2012-2777 Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to
CVE-2012-2784 Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to
CVE-2012-2788 Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, relate
CVE-2012-2801 Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array wr

Version: 4:0.5.9-0ubuntu0.10.04.1 2012-06-18 14:06:40 UTC

  ffmpeg (4:0.5.9-0ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: Updated to libav 0.5.9 to fix multiple security
    issues. (LP: #1012132)
    - CVE-2011-3929
    - CVE-2011-3936
    - CVE-2011-3940
    - CVE-2011-3947
    - CVE-2011-3951
    - CVE-2011-3952
    - CVE-2012-0851
    - CVE-2012-0852
    - CVE-2012-0853
    - CVE-2012-0858
    - CVE-2012-0859
    - CVE-2012-0947
  * Removed upstreamed patches:
    - CVE-2010-3429.patch
    - CVE-2010-3908.patch
    - CVE-2010-4704.patch
    - CVE-2011-0480.patch
    - CVE-2011-0722.patch
    - CVE-2011-0723.patch
    - CVE-2011-2161.patch
    - CVE-2011-3362.patch
    - CVE-2011-3504.patch
    - CVE-2011-4351.patch
    - CVE-2011-4353.patch
    - CVE-2011-4364.patch
    - CVE-2011-4579.patch
 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 09:14:53 -0400

Source diff to previous version
1012132 June libav/ffmpeg security update tracking bug
CVE-2011-3929 RESERVED
CVE-2011-3936 RESERVED
CVE-2011-3940 RESERVED
CVE-2011-3947 RESERVED
CVE-2011-3951 RESERVED
CVE-2011-3952 RESERVED
CVE-2012-0852 RESERVED
CVE-2012-0853 RESERVED
CVE-2012-0858 RESERVED
CVE-2012-0859 RESERVED
CVE-2012-0947 Heap-based Buffer Overflow in libavcodec
CVE-2010-3429 flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a cr
CVE-2010-3908 RESERVED
CVE-2010-4704 libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via
CVE-2011-0480 Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.34
CVE-2011-0722 RESERVED
CVE-2011-0723 RESERVED
CVE-2011-2161 The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows
CVE-2011-3362 libavcodec insufficient boundary check in CAVS
CVE-2011-3504 The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a cr
CVE-2011-4351 QDM2 buffer overflow
CVE-2011-4353 VP5/VP6 DoS
CVE-2011-4364 vmd_decode buffer overflow
CVE-2011-4579 SVQ1 issue

Version: 4:0.5.1-1ubuntu1.3 2012-01-05 16:02:32 UTC

ffmpeg (4:0.5.1-1ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed Matroska file
    - debian/patches/CVE-2011-3504.patch: verify memory allocation failures
      in libavformat/matroskadec.c.
    - CVE-2011-3504
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing QDM2 stream
    - debian/patches/CVE-2011-4351.patch: check boundaries in
      libavcodec/qdm2.c.
    - CVE-2011-4351
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing VP5 or VP6 streams
    - debian/patches/CVE-2011-4353.patch: check indexes in libavcodec/vp5.c
      and libavcodec/vp6.c.
    - CVE-2011-4353
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed VMD file
    - debian/patches/CVE-2011-4364.patch: properly check lengths in
      libavcodec/vmdav.c.
    - CVE-2011-4364
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed file containing svq1 stream
    - debian/patches/CVE-2011-4579.patch: set dimensions after they have
      changed in libavcodec/svq1dec.c.
    - CVE-2011-4579

 -- Marc Deslauriers Wed, 21 Dec 2011 11:30:09 -0500

Source diff to previous version
CVE-2011-3504 The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a cr
CVE-2011-4351 QDM2 buffer overflow
CVE-2011-4353 VP5/VP6 DoS
CVE-2011-4364 vmd_decode buffer overflow
CVE-2011-4579 SVQ1 issue

Version: 4:0.5.1-1ubuntu1.2 2011-09-19 19:01:54 UTC

ffmpeg (4:0.5.1-1ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed APE file
    - debian/patches/CVE-2011-2161.patch: make sure there are frames in
      libavformat/ape.c.
    - CVE-2011-2161
  * SECURITY UPDATE: arbitrary code execution via malformed CAVS file
    - debian/patches/CVE-2011-3362.patch: validate values in
      libavcodec/cavsdec.c.
    - CVE-2011-3362

 -- Marc Deslauriers Fri, 16 Sep 2011 09:45:12 -0400

CVE-2011-2161 The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows
CVE-2011-3362 libavcodec insufficient boundary check in CAVS



About   -   Changelog   -   Send Feedback