* Update to 0.6.4 to fix multiple security issues (LP: #911811):
- SECURITY UPDATE: denial of service and possible code execution via
malformed Matroska file
- CVE-2011-3504
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing QDM2 stream
- CVE-2011-4351
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP3 stream
- CVE-2011-4352
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP5 or VP6 streams
- CVE-2011-4353
- SECURITY UPDATE: denial of service and possible code execution via
malformed VMD file
- CVE-2011-4364
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing svq1 stream
- CVE-2011-4579
* Removed upstreamed patches:
- CVE-2011-1196.patch
- CVE-2011-1931.patch
- CVE-2011-3362.patch
-- Marc Deslauriers <email address hidden> Tue, 03 Jan 2012 15:49:39 -0500
This bug was fixed in the package libav - 4:0.6.4- 0ubuntu0. 11.04.1
--------------- 4-0ubuntu0. 11.04.1) natty-security; urgency=low
libav (4:0.6.
* Update to 0.6.4 to fix multiple security issues (LP: #911811):
- SECURITY UPDATE: denial of service and possible code execution via
malformed Matroska file
- CVE-2011-3504
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing QDM2 stream
- CVE-2011-4351
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP3 stream
- CVE-2011-4352
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP5 or VP6 streams
- CVE-2011-4353
- SECURITY UPDATE: denial of service and possible code execution via
malformed VMD file
- CVE-2011-4364
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing svq1 stream
- CVE-2011-4579
* Removed upstreamed patches:
- CVE-2011-1196.patch
- CVE-2011-1931.patch
- CVE-2011-3362.patch
-- Marc Deslauriers <email address hidden> Tue, 03 Jan 2012 15:49:39 -0500