Update to bugfix release 2.8.8 in Xenial

Bug #1581156 reported by Amr Ibrahim
This bug affects 1 person
Affects Status Importance Assigned to Milestone
One Hundred Papercuts
Fix Released
ffmpeg (Ubuntu)
Fix Released

Bug Description


version 2.8.8
- avformat/movenc: Check packet in mov_write_single_packet() too
- avformat/movenc: Factor check_pkt() out
- avformat/utils: fix timebase error in avformat_seek_file()
- avcodec/g726: Add missing ADDB output mask
- avcodec/avpacket: clear side_data_elems
- avcodec/ccaption_dec: Use simple array instead of AVBuffer
- swscale/swscale_unscaled: Try to fix Rgb16ToPlanarRgb16Wrapper() with slices
- swscale/swscale_unscaled: Fix packed_16bpc_bswap() with slices
- avformat/avidec: Fix infinite loop in avi_read_nikon()
- cmdutils: fix implicit declaration of SetDllDirectory function
- cmdutils: check for SetDllDirectory() availability
- avcodec/aacenc: Tighter input checks
- libavcodec/wmalosslessdec: Check the remaining bits
- avcodec/diracdec: Check numx/y
- avcodec/indeo2: check ctab
- avformat/swfdec: Fix inflate() error code check
- avcodec/h264: Put context_count check back
- cmdutils: remove the current working directory from the DLL search path on win32
- avcodec/raw: Fix decoding of ilacetest.mov
- avcodec/ffv1enc: Fix assertion failure with non zero bits per sample
- avformat/oggdec: Fix integer overflow with invalid pts
- ffplay: Fix invalid array index
- avcodec/vp9_parser: Check the input frame sizes for being consistent
- libavformat/rtpdec_asf: zero initialize the AVIOContext struct
- libavutil/opt: Small bugfix in example.
- libx264: Increase x264 opts character limit to 4096
- avformat/mov: Check sample size
- avformat/format: Fix registering a format more than once and related races
- avcodec/flac_parser: Raise threshold for detecting invalid data
- avfilter/vf_telecine: Make frame writable before writing into it
- avcodec/mpc8: Correct end truncation
- avcodec/mpegvideo: Do not clear the parse context during init
- MAINTAINERs cleanup (remove myself from things i de facto dont maintain)
- avcodec/h264: Fix off by 1 context count
- avcodec/alsdec: Check r to prevent out of array read
- avcodec/alsdec: fix max bits in ltp prefix code
- avcodec/utils: check skip_samples signedness
- avformat/mpegts: Do not trust BSSD descriptor, it is sometimes not an S302M stream
- avcodec/bmp_parser: Check fsize
- avcodec/bmp_parser: reset state
- avcodec/bmp_parser: Fix remaining size
- avcodec/bmp_parser: Fix frame_start_found in cross frame cases
- avfilter/af_amix: dont fail if there are no samples in output_frame()
- avformat/allformats: Making av_register_all() thread-safe.
- avcodec/mpegvideo: Deallocate last/next picture earlier
- avcodec/bmp_parser: Fix state
- avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and libavformat/utils.c
- doc/developer.texi: Add a code of conduct
- avformat/avidec: Detect index with too short entries
- avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id()
- avformat/utils: Do not compute the bitrate from duration == 0
- ffmpeg: Check that r_frame_rate is set before attempting to use it
- swresample/rematrix: Use clipping s16 rematrixing if overflows are possible
- swresample/rematrix: Use error diffusion to avoid error in the DC component of the matrix
- libavformat/oggdec: Free stream private when header parsing fails.
- avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id()
- avformat/oggparseopus: Check that granule pos is within the supported range
- avcodec/mjpegdec: Do not try to detect last scan but apply idct after all scans for progressive jpeg
- avformat/options_table: Add missing identifier for very strict compliance
- librtmp: Avoid an infiniloop setting connection arguments
- avformat/oggparsevp8: fix pts calculation on pages ending with an invisible frame

version 2.8.7
- avcodec/motion_est: Attempt to fix "short data segment overflowed" on IA64
- avformat/ffmdec: Check pix_fmt
- avcodec/ttaenc: Reallocate packet if its too small
- pgssubdec: fix subpicture output colorspace and range
- avcodec/ac3dec: Reset SPX when switching from EAC3 to AC3
- avfilter/vf_drawtext: Check return code of load_glyph()
- avcodec/takdec: add code that got somehow lost in process of REing
- avcodec/apedec: fix decoding of stereo files with one channel full of silence
- avcodec/avpacket: Fix off by 5 error
- avcodec/h264: Fix for H.264 configuration parsing
- avcodec/bmp_parser: Ensure remaining_size is not too small in startcode packet crossing corner case
- avfilter/src_movie: fix how we check for overflows with seek_point
- avcodec/j2kenc: Add attribution to OpenJPEG project:
- avcodec/h264_slice: Check PPS more extensively when its not copied
- avcodec/libutvideodec: copy frame so it has reference counters when refcounted_frames is set
- avformat/rtpdec_jpeg: fix low contrast image on low quality setting
- avcodec/mjpegenc_common: Store approximate aspect if exact cannot be stored
- lavc/hevc: Allow arbitrary garbage in bytestream as long as at least one NAL unit is found.
- avcodec/resample: Remove disabled and faulty code
- indeo2: Fix banding artefacts
- indeo2data: K&R formatting cosmetics
- avcodec/imgconvert: Support non-planar colorspaces while padding
- avutil/random_seed: Add the runtime in cycles of the main loop to the entropy pool
- avutil/channel_layout: AV_CH_LAYOUT_6POINT1_BACK not reachable in parsing
- avformat/concatdec: set safe mode to enabled instead of auto
- avformat/utils: fix dts from pts code in compute_pkt_fields() during ascending delay
- avformat/rtpenc: Fix integer overflow in NTP_TO_RTP_FORMAT
- avformat/cache: Fix memleak of tree entries
- lavf/mov: downgrade sidx errors to non-fatal warnings; fixes trac #5216 (cherry picked from commit 22dbc1caaf13e4bb17c9e0164a5b1ccaf490e428)
- lavf/mov: fix sidx with edit lists (cherry picked from commit 3617e69d50dd9dd07b5011dfb9477a9d1a630354)
- avcodec/mjpegdec: Fix decoding slightly odd progressive jpeg
- libwebpenc_animencoder: print library messages in verbose log levels
- libwebpenc_animencoder: zero initialize the WebPAnimEncoderOptions struct
- doc/utils: fix typo for min() description
- avcodec/avpacket: clear priv in av_init_packet()
- swscale/utils: Fix chrSrcHSubSample for GBRAP16
- swscale/input: Fix GBRAP16 input
- postproc: fix unaligned access
- avutil/pixdesc: Make get_color_type() aware of CIE XYZ formats
- avcodec/h264: Execute error concealment before marking the frame as done.
- swscale/x86/output: Fix yuv2planeX_16* with unaligned destination
- swscale/x86/output: Move code into yuv2planeX_mainloop
- avutil/frame: Free destination qp_table_buf in frame_copy_props()

CVE References

Changed in ffmpeg (Ubuntu):
status: New → Confirmed
summary: - Update to bugfix release 2.8.7 in Xenial
+ Update to bugfix release 2.8.8 in Xenial
description: updated
tags: added: xenial
Changed in ffmpeg (Ubuntu):
importance: Undecided → High
Changed in hundredpapercuts:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Andreas Cadhalpun (andreas-cadhalpun) wrote :

Attached is a debdiff. (git repo is at [1])

Testing performed (in a xenial chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=xenial

information type: Public → Public Security
Mathew Hodson (mhodson)
tags: added: upgrade-software-version
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiff in comment #1, thanks!

Packages are building now and will be released today or tomorrow.


Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 7:2.8.8-0ubuntu0.16.04.1

ffmpeg (7:2.8.8-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Import new upstream bugfix release 2.8.8. (LP: #1581156)
     - Fixes CVE-2016-6164 and CVE-2016-6881.

 -- Andreas Cadhalpun <email address hidden> Sat, 15 Oct 2016 16:58:13 +0200

Changed in ffmpeg (Ubuntu):
status: Confirmed → Fix Released
Changed in hundredpapercuts:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers