January 2013 libav security tracking bug

Bug #1104019 reported by Marc Deslauriers on 2013-01-24
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libav (Ubuntu)
Undecided
Marc Deslauriers
Oneiric
Undecided
Marc Deslauriers
Precise
Undecided
Marc Deslauriers
Quantal
Undecided
Marc Deslauriers
Raring
Undecided
Marc Deslauriers

Bug Description

This is a bug to track the January 2013 libav security updates:

- 0.8.5 so far:
 Indeo 4 (CVE-2012-2791)
VP5/VP6 (CVE-2012-2783)
Indeo 3 (CVE-2012-2804)
MPEG-1/2 (CVE-2012-2803)
MP3 (CVE-2012-2797)
AAC (CVE-2012-5144)
AC-3 (CVE-2012-2802)
AVS (CVE-2012-2801)
DFA (CVE-2012-2798)

Changed in libav (Ubuntu Oneiric):
status: New → Confirmed
Changed in libav (Ubuntu Precise):
status: New → Confirmed
Changed in libav (Ubuntu Quantal):
status: New → Confirmed
Changed in libav (Ubuntu Raring):
status: New → Confirmed
Changed in libav (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Raring):
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 6:0.8.5-0ubuntu1

---------------
libav (6:0.8.5-0ubuntu1) raring; urgency=low

  * Update to 0.8.5 to fix multiple security issues. (LP: #1104019)
    - CVE-2012-2783
    - CVE-2012-2791
    - CVE-2012-2797
    - CVE-2012-2798
    - CVE-2012-2801
    - CVE-2012-2802
    - CVE-2012-2803
    - CVE-2012-2804
    - CVE-2012-5144
 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2013 08:05:12 -0500

Changed in libav (Ubuntu Raring):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 4:0.8.5-0ubuntu0.12.04.1

---------------
libav (4:0.8.5-0ubuntu0.12.04.1) precise-security; urgency=low

  * Update to 0.8.5 to fix multiple security issues. (LP: #1104019)
    - CVE-2012-2783
    - CVE-2012-2791
    - CVE-2012-2797
    - CVE-2012-2798
    - CVE-2012-2801
    - CVE-2012-2802
    - CVE-2012-2803
    - CVE-2012-2804
    - CVE-2012-5144
 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2013 09:14:05 -0500

Changed in libav (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 6:0.8.5-0ubuntu0.12.10.1

---------------
libav (6:0.8.5-0ubuntu0.12.10.1) quantal-security; urgency=low

  * Update to 0.8.5 to fix multiple security issues. (LP: #1104019)
    - CVE-2012-2783
    - CVE-2012-2791
    - CVE-2012-2797
    - CVE-2012-2798
    - CVE-2012-2801
    - CVE-2012-2802
    - CVE-2012-2803
    - CVE-2012-2804
    - CVE-2012-5144
 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2013 08:15:51 -0500

Changed in libav (Ubuntu Quantal):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 4:0.7.6-0ubuntu0.11.10.3

---------------
libav (4:0.7.6-0ubuntu0.11.10.3) oneiric-security; urgency=low

  * SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
    - debian/patches/CVE-2012-2783.patch: release frames on error in
      libavcodec/vp56.c.
    - CVE-2012-2783
  * SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
    - debian/patches/CVE-2012-2791.patch: check that scan pattern is set
      before using it in libavcodec/ivi_common.c.
    - CVE-2012-2791
  * SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
    - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
      once in libavcodec/mpeg12.c.
    - CVE-2012-2803
  * SECURITY UPDATE: issue in AAC decoding
    - debian/patches/CVE-2012-5144.patch: fix off-by-one in
      libavcodec/aacdec.c.
    - CVE-2012-5144
 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2013 13:31:43 -0500

Changed in libav (Ubuntu Oneiric):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers