Libav security fixes Jul 2014
Bug #1341216 reported by
Reinhard Tartler
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libav (Ubuntu) |
Fix Released
|
High
|
Reinhard Tartler | ||
Precise |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Saucy |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned | ||
Utopic |
Fix Released
|
High
|
Reinhard Tartler |
Bug Description
trusty should get Libav 9.14:
version 9.14:
- adpcm: Write the proper predictor in trellis mode in IMA QT
- adpcm: Avoid reading out of bounds in the IMA QT trellis encoder
- Check mp3 header before calling avpriv_
- Check if an mp3 header is using a reserved sample rate
- lzo: Handle integer overflow (bug/704)
- avconv: make -shortest work with streamcopy
The lzo issue is claimed to be exploitable (remote code execution) on i386.
Changed in libav (Ubuntu Trusty): | |
status: | New → In Progress |
Changed in libav (Ubuntu Precise): | |
status: | New → In Progress |
Changed in libav (Ubuntu Saucy): | |
status: | New → In Progress |
Changed in libav (Ubuntu Precise): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in libav (Ubuntu Saucy): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
To post a comment you must log in.
I have uploaded a proposed package to ppa:siretart/ppa (trusty).
Ubuntu- security- sponsors, please copy it to trusty-security