Merge Libav 0.8.6-1 from unstable
Bug #1160734 reported by
Reinhard Tartler
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libav (Ubuntu) |
Fix Released
|
High
|
Reinhard Tartler |
Bug Description
The package 0.8.6 from unstable fixes 4 CVEs:
h264: check for luma and chroma bit depth being equal (CVE-2013-2277)
iff: validate CMAP palette size (CVE-2013-2495)
msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496)
vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894)
To post a comment you must log in.
I've pushed my work in progress branch. The package at least builds locally, but I have yet to test it. Moreover, debian/changelog needs improvement.