Ubuntu
libav package

January 2013 libav security tracking bug

Bug #1104019 reported by Marc Deslauriers on 2013-01-24

258

This bug affects 1 person

	Status	Importance	Assigned to
libav (Ubuntu)	Fix Released	Undecided	Marc Deslauriers
Oneiric	Fix Released	Undecided	Marc Deslauriers
Precise	Fix Released	Undecided	Marc Deslauriers
Quantal	Fix Released	Undecided	Marc Deslauriers
Raring	Fix Released	Undecided	Marc Deslauriers

Bug Description

This is a bug to track the January 2013 libav security updates:

- 0.8.5 so far:
Indeo 4 (CVE-2012-2791)
VP5/VP6 (CVE-2012-2783)
Indeo 3 (CVE-2012-2804)
MPEG-1/2 (CVE-2012-2803)
MP3 (CVE-2012-2797)
AAC (CVE-2012-5144)
AC-3 (CVE-2012-2802)
AVS (CVE-2012-2801)
DFA (CVE-2012-2798)

Related branches

lp:ubuntu/raring-proposed/libav

lp:ubuntu/oneiric-security/libav

lp:ubuntu/precise-security/libav

lp:ubuntu/quantal-security/libav

lp:ubuntu/lucid-security/ffmpeg-extra

lp:ubuntu/lucid-security/ffmpeg

lp:ubuntu/lucid-updates/ffmpeg

lp:~medibuntu-maintainers/ffmpeg/medibuntu.lucid

CVE References

Marc Deslauriers (mdeslaur) on 2013-01-24

Changed in libav (Ubuntu Oneiric):
status:	New → Confirmed
Changed in libav (Ubuntu Precise):
status:	New → Confirmed
Changed in libav (Ubuntu Quantal):
status:	New → Confirmed
Changed in libav (Ubuntu Raring):
status:	New → Confirmed
Changed in libav (Ubuntu Oneiric):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Precise):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Quantal):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Raring):
assignee:	nobody → Marc Deslauriers (mdeslaur)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-01-25:

This bug was fixed in the package libav - 6:0.8.5-0ubuntu1

---------------
libav (6:0.8.5-0ubuntu1) raring; urgency=low

  * Update to 0.8.5 to fix multiple security issues. (LP: #1104019)
    - CVE-2012-2783
    - CVE-2012-2791
    - CVE-2012-2797
    - CVE-2012-2798
    - CVE-2012-2801
    - CVE-2012-2802
    - CVE-2012-2803
    - CVE-2012-2804
    - CVE-2012-5144
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2013 08:05:12 -0500

Changed in libav (Ubuntu Raring):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-01-28:

This bug was fixed in the package libav - 4:0.8.5-0ubuntu0.12.04.1

---------------
libav (4:0.8.5-0ubuntu0.12.04.1) precise-security; urgency=low

Changed in libav (Ubuntu Precise):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-01-28:

This bug was fixed in the package libav - 6:0.8.5-0ubuntu0.12.10.1

---------------
libav (6:0.8.5-0ubuntu0.12.10.1) quantal-security; urgency=low

Changed in libav (Ubuntu Quantal):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-01-28:

This bug was fixed in the package libav - 4:0.7.6-0ubuntu0.11.10.3

---------------
libav (4:0.7.6-0ubuntu0.11.10.3) oneiric-security; urgency=low

  * SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
    - debian/patches/CVE-2012-2783.patch: release frames on error in
      libavcodec/vp56.c.
    - CVE-2012-2783
  * SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
    - debian/patches/CVE-2012-2791.patch: check that scan pattern is set
      before using it in libavcodec/ivi_common.c.
    - CVE-2012-2791
  * SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
    - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
      once in libavcodec/mpeg12.c.
    - CVE-2012-2803
  * SECURITY UPDATE: issue in AAC decoding
    - debian/patches/CVE-2012-5144.patch: fix off-by-one in
      libavcodec/aacdec.c.
    - CVE-2012-5144
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2013 13:31:43 -0500

Changed in libav (Ubuntu Oneiric):
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulibav package

January 2013 libav security tracking bug

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
libav package