FFmpeg security fixes February 2017 (xenial)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ffmpeg (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
FFmpeg 2.8.11, fixing a number of crashes and other potentially security-relevant issues, was released.
This includes fixes for CVE-2016-9561, CVE-2017-5024 and CVE-2017-5025.
From the upstream Changelog:
version 2.8.11
- avcodec/h264_slice: Clear ref_counts on redundant slices
- lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
- lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
- avcodec/pictordec: Fix logic error
- avcodec/movtextdec: Fix decode_styl() cleanup
- lavf/matroskadec: fix is_keyframe for early Blocks
- configure: bump year
- avcodec/pngdec: Check trns more completely
- avcodec/
- avcodec/mjpegdec: Check for the bitstream end in mjpeg_decode_
- avformat/flacdec: Check avio_read result when reading flac block header.
- avcodec/utils: correct align value for interplay
- avcodec/vp56: Check for the bitstream end, pass error codes on
- avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_
- avcodec/pngdec: Fix off by 1 size in decode_zbuf()
- avformat/avidec: skip odml master index chunks in avi_sync
- avcodec/mjpegdec: Check for rgb before flipping
- avutil/random_seed: Reduce the time needed on systems with very low precision clock()
- avutil/random_seed: Improve get_generic_seed() with higher precision clock()
- avformat/utils: Print verbose error message if stream count exceeds max_streams
- avformat/
- avutil: Add av_image_
- avformat: Add max_streams option
- avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated
- avcodec/
- avformat/oggdec: Skip streams in duration correction that did not have their duration set.
- avcodec/ffv1enc: Fix size of first slice
- pgssubdec: reset rle_data_
information type: Private Security → Public Security
Changed in ffmpeg (Ubuntu):
importance: Undecided → Medium
tags: added: patch xenial
Attached is a debdiff. (git repo is at [1])
Testing performed (in a xenial chroot):
* build including test suite works
* installation works
* upgrade works
* autopkgtests pass
1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=xenial