July 2013 libav security tracking bug

Bug #1242802 reported by Marc Deslauriers on 2013-10-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libav (Ubuntu)
Medium
Unassigned
Precise
Medium
Marc Deslauriers
Quantal
Medium
Marc Deslauriers
Raring
Medium
Marc Deslauriers
Saucy
Medium
Marc Deslauriers
Trusty
Medium
Unassigned

Bug Description

This is a bug to track the July 2013 libav security updates:

- kmvc: Clip pixel position to valid range
- kmvc: use fixed sized arrays in the context
- indeo: use a typedef for the mc function pointer
- lavc: check for overflow in init_get_bits
- mjpegdec: properly report unsupported disabled features
- jpegls: return meaningful errors
- jpegls: factorize return paths
- jpegls: check the scan offset
- wavpack: validate samples size parsed in wavpack_decode_block
- ljpeg: use the correct number of components in yuv
- mjpeg: Validate sampling factors
- mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac
- wavpack: check packet size early
- wavpack: return meaningful errors
- apetag: use int64_t for filesize
- tiff: do not overread the source buffer
- Prepare for 0.8.8 Release
- smacker: fix an off by one in huff.length computation
- smacker: check the return value of smacker_decode_tree
- smacker: pad the extradata allocation
- smacker: check frame size validity
- vmdav: convert to bytestream2
- 4xm: don't rely on get_buffer() initializing the frame.
- 4xm: check the return value of read_huffman_tables().
- 4xm: use the correct logging context
- 4xm: reject frames not compatible with the declared version
- 4xm: check bitstream_size boundary before using it
- 4xm: do not overread the source buffer in decode_p_block

Changed in libav (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Quantal):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Raring):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Saucy):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Trusty):
status: New → Confirmed
importance: Undecided → Medium
Marc Deslauriers (mdeslaur) wrote :

For Precise, Quantal and Raring, also includes fixes from 0.8.7:

- avfiltergraph: check for sws opts being non-NULL before using them
- bmv: check for len being valid in bmv_decode_frame()
- dfa: check for invalid access in decode_wdlt()
- indeo3: check motion vectors
- indeo3: fix data size check
- indeo3: switch parsing the header to bytestream2
- lavf: make sure stream probe data gets freed.
- oggdec: fix faulty cleanup prototype
- oma: Validate sample rates
- qdm2: check that the FFT size is a power of 2
- rv10: check that extradata is large enough
- xmv: check audio track parameters validity
- xmv: do not leak memory in the error paths in xmv_read_header()
- aac: check the maximum number of channels
- indeo3: fix off by one in MV validity check, Bug #503
- id3v2: check for end of file while unescaping tags
- wav: Always seek to an even offset, Bug #500, LP: #1174737
- proresdec: support mixed interlaced/non-interlaced content

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 6:0.8.8-0ubuntu0.13.10.1

---------------
libav (6:0.8.8-0ubuntu0.13.10.1) saucy-security; urgency=low

  * Update to 0.8.8 to fix multiple security issues (LP: #1242802)
 -- Marc Deslauriers <email address hidden> Mon, 21 Oct 2013 13:37:07 -0400

Changed in libav (Ubuntu Saucy):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 6:0.8.8-0ubuntu0.13.04.1

---------------
libav (6:0.8.8-0ubuntu0.13.04.1) raring-security; urgency=low

  * Update to 0.8.8 to fix multiple security issues (LP: #1242802)
 -- Marc Deslauriers <email address hidden> Mon, 21 Oct 2013 13:43:38 -0400

Changed in libav (Ubuntu Raring):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 4:0.8.8-0ubuntu0.12.04.1

---------------
libav (4:0.8.8-0ubuntu0.12.04.1) precise-security; urgency=low

  * Update to 0.8.8 to fix multiple security issues (LP: #1242802)
 -- Marc Deslauriers <email address hidden> Mon, 21 Oct 2013 13:49:45 -0400

Changed in libav (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 6:0.8.8-0ubuntu0.12.10.1

---------------
libav (6:0.8.8-0ubuntu0.12.10.1) quantal-security; urgency=low

  * Update to 0.8.8 to fix multiple security issues (LP: #1242802)
 -- Marc Deslauriers <email address hidden> Mon, 21 Oct 2013 13:45:23 -0400

Changed in libav (Ubuntu Quantal):
status: Confirmed → Fix Released
Changed in libav (Ubuntu Trusty):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers