Libav security fixes Jul 2014
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libav (Ubuntu) | | High | Reinhard Tartler | |
| Precise | | Undecided | Marc Deslauriers | |
| Saucy | | Undecided | Marc Deslauriers | |
| Trusty | | Undecided | Unassigned | |
| Utopic | | High | Reinhard Tartler | |
Bug Description
trusty should get Libav 9.14:
version 9.14:
- adpcm: Write the proper predictor in trellis mode in IMA QT
- adpcm: Avoid reading out of bounds in the IMA QT trellis encoder
- Check mp3 header before calling avpriv_
- Check if an mp3 header is using a reserved sample rate
- lzo: Handle integer overflow (bug/704)
- avconv: make -shortest work with streamcopy
The lzo issue is claimed to be exploitable (remote code execution) on i386.
Reinhard Tartler (siretart) wrote: #1
Changed in libav (Ubuntu):
assignee: nobody → Reinhard Tartler (siretart)
importance: Undecided → High
status: New → In Progress
Changed in libav (Ubuntu Trusty):
status: New → In Progress
Changed in libav (Ubuntu Precise):
status: New → In Progress
Changed in libav (Ubuntu Saucy):
status: New → In Progress
Changed in libav (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Saucy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Reinhard Tartler (siretart) wrote: #2
Utopic already has the latest upstream release including all fixes so far in utopic-proposed. I'm not sure why the transition is stuck at this point, though.
Changed in libav (Ubuntu Utopic):
status: In Progress → Fix Committed
Marc Deslauriers (mdeslaur) wrote: #3
Thanks for the package!
They are currently building and I will release them when they're done.
Launchpad Janitor (janitor) wrote: #4
This bug was fixed in the package libav - 6:9.14-
---------------
libav (6:9.14-
* New upstream release 9.14:
- Many security fixes issues LP: #1341216
- adpcm: Write the proper predictor in trellis mode in IMA QT
- adpcm: Avoid reading out of bounds in the IMA QT trellis encoder
- Check mp3 header before calling avpriv_
- Check if an mp3 header is using a reserved sample rate
- lzo: Handle integer overflow (bug/704)
- avconv: make -shortest work with streamcopy
* Drop broken dpkg-maintscript, LP: #1315672
-- Reinhard Tartler <email address hidden> Sat, 12 Jul 2014 18:33:45 -0400
Changed in libav (Ubuntu Trusty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote: #5
This bug was fixed in the package libav - 6:0.8.13-
---------------
libav (6:0.8.
* Update to 0.8.13 to fix multiple security issues (LP: #1341216)
-- Marc Deslauriers <email address hidden> Tue, 15 Jul 2014 07:31:39 -0400
Changed in libav (Ubuntu Saucy):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote: #6
This bug was fixed in the package libav - 4:0.8.13-
---------------
libav (4:0.8.
* Update to 0.8.13 to fix multiple security issues (LP: #1341216)
-- Marc Deslauriers <email address hidden> Tue, 15 Jul 2014 07:24:55 -0400
Changed in libav (Ubuntu Precise):
status: In Progress → Fix Released
Reinhard Tartler (siretart) wrote: #7
utopic already works with libav 10, nothing left to do here
Changed in libav (Ubuntu Utopic):
status: Fix Committed → Fix Released
I have uploaded a proposed package to ppa:siretart/ppa (trusty).
Ubuntu-security-sponsors, please copy it to trusty-security