Ubuntu
ffmpeg package

FFmpeg security fixes May 2015

Bug #1458171 reported by Andreas Cadhalpun on 2015-05-23

258

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

ffmpeg (Ubuntu)

Fix Released

Undecided

Unassigned

You need to log in to change this bug's status.

Affecting:	ffmpeg (Ubuntu)
Filed here by:	Andreas Cadhalpun
When:	2015-05-23
Confirmed:	2015-05-25
Started work:	2015-05-25
Completed:	2015-05-25

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Undecided

Assigned to

	Nobody
	Me

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

FFmpeg 2.5.7 fixing a number of crashes and other potentially security relevant issues was released.
From the upstream Changelog:

version 2.5.7
- avformat/nutdec: Fix recovery when immedeately after seeking a failure happens
- nutdec: fix memleaks on error in nut_read_header
- rtpenc_jpeg: handle case of picture dimensions not dividing by 8
- avformat/mov: Fix parsing short loci
- avcodec/shorten: Fix code depending on signed overflow behavior
- avcodec/proresdec2: Reset slice_count on deallocation
- ffmpeg_opt: Fix -timestamp parsing
- hevc: make avcodec_decode_video2() fail if get_format() fails
- avcodec/mpeg4audio: add some padding/alignment to MAX_PCE_SIZE
- swr: fix alignment issue caused by 8ch sse functions
- libswscale/x86/hscale_fast_bilinear_simd.c: Include BX in the clobber list on x86_64, because it isn't implicitly included when PIC is on.
- aacdec: don't return frames without data
- avformat/matroskadec: Cleanup error handling for bz2 & zlib
- avformat/nutdec: Fix use of uinitialized value
- tools/graph2dot: use larger data types than int for array/string sizes
- id3v2: catch avio_read errors in check_tag
- aacsbr: break infinite loop in sbr_hf_calc_npatches
- diracdec: avoid overflow of bytes*8 in decode_lowdelay
- diracdec: prevent overflow in data_unit_size check
- avidec: avoid infinite loop due to negative ast->sample_size
- pngdec: don't use AV_PIX_FMT_MONOBLACK for apng
- avcodec/wavpack: Check L/R values before use to avoid harmless integer overflow and undefined behavior in fate
- xcbgrab: Validate the capture area
- xcbgrab: Do not assume the non shm image data is always available
- avfilter/lavfutils: disable frame threads when decoding a single image
- nutdec: fix illegal count check in decode_main_header
- ffmpeg: remove incorrect network deinit
- OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
- apedec: set s->samples only when init_frame_decoder succeeded
- swscale/ppc/swscale_altivec.c: POWER LE support in yuv2planeX_8() delete macro GET_VF()
- libvpxenc: only set noise reduction w/vp8
- tests/fate-run: do not attempt to parse tiny_psnrs output if it failed
- alac: reject rice_limit 0 if compression is used
- alsdec: only adapt order for positive max_order
- alsdec: check sample pointer range in revert_channel_correlation
- tests: drop bc dependency
- fate: Include branch information in the payload header

Add tags Tag help

Related branches

lp:ubuntu/vivid-security/ffmpeg

Andreas Cadhalpun (andreas-cadhalpun) on 2015-05-23

information type:

Private Security → Public Security

Andreas Cadhalpun (andreas-cadhalpun) wrote on 2015-05-23:

ffmpeg-2.5.7.diff Edit (77.6 KiB, text/plain)

Attached is a debdiff. (git repo is at [1])

Testing performed (in a vivid chroot):
* build including test suite works
* installation works
* upgrade works
* results of autopkgtests from 2.6.3-1 (in Debian) are unchanged from 2.5.6

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid