UbuntuUpdates.org

Package "libvpx"

Name: libvpx

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • VP8 and VP9 video codec encoding/decoding tools
Latest version: 1.5.0-2ubuntu1.1
Release: xenial (16.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libvpx" in Xenial

Repository Area Version
base main 1.5.0-2ubuntu1
base universe 1.5.0-2ubuntu1
security main 1.5.0-2ubuntu1.1
updates main 1.5.0-2ubuntu1.1
updates universe 1.5.0-2ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.0-2ubuntu1.1 2019-11-25 14:06:25 UTC

  libvpx (1.5.0-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: image width alignment issue
    - debian/patches/CVE-2017-13194-1.patch: fix image width alignment in
      vpx/src/vpx_image.c.
    - debian/patches/CVE-2017-13194-2.patch: fix alignment without external
      allocation in vpx/src/vpx_image.c.
    - CVE-2017-13194
  * SECURITY UPDATE: double free in ParseContentEncodingEntry
    - debian/patches/CVE-2019-2126.patch: set compression_entries_ to NULL
      in third_party/libwebm/mkvparser/mkvparser.cc.
    - CVE-2019-2126
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-9232.patch: use unsigned char in
      vp8/decoder/dboolhuff.h, vpx_dsp/bitreader.h.
    - CVE-2019-9232
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-9325.patch: fix size in vp9/vp9_dx_iface.c,
      vpx_dsp/bitreader_buffer.c, test/decode_api_test.cc.
    - CVE-2019-9325
  * SECURITY UPDATE: memory disclosure issue
    - debian/patches/CVE-2019-9433.patch: fix use-after-free in
      vp8/common/postproc.c.
    - CVE-2019-9433

 -- Marc Deslauriers <email address hidden> Tue, 19 Nov 2019 11:26:37 -0500
CVE-2017-13194 A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android
CVE-2019-2126 In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote co
CVE-2019-9232 In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional
CVE-2019-9325 In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional
CVE-2019-9433 In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no addi


About   -   Send Feedback to @ubuntu_updates