June libav/ffmpeg security update tracking bug

Bug #1012132 reported by Marc Deslauriers
Affects | Status | Importance | Assigned to | Milestone
libav (Ubuntu) | Fix Released | Medium | Reinhard Tartler |
Lucid | Invalid | Undecided | Unassigned |
Natty | Fix Released | Medium | Marc Deslauriers |
Oneiric | Fix Released | Medium | Marc Deslauriers |
Precise | Fix Released | Medium | Marc Deslauriers |
Quantal | Fix Released | Medium | Reinhard Tartler |

Bug Description

This is a bug to track the June 2012 security updates for libav and ffmpeg.

libav 0.5.9
libav 0.6.6
libav 0.7.6
libav 0.8.3

visibility: private → public
Changed in libav (Ubuntu Lucid):
status: New → Invalid
Changed in libav (Ubuntu Natty):
status: New → Confirmed
Changed in libav (Ubuntu Oneiric):
status: New → Confirmed
Changed in libav (Ubuntu Quantal):
status: New → Fix Released
Changed in libav (Ubuntu Precise):
status: New → Confirmed
Changed in libav (Ubuntu Natty):
importance: Undecided → Medium
Changed in libav (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in libav (Ubuntu Precise):
importance: Undecided → Medium
Changed in libav (Ubuntu Quantal):
importance: Undecided → Medium
Changed in libav (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Reinhard Tartler (siretart) wrote :

Why is lucid status 'invalid'? libav 0.5.9 seems applicable to me (at least that's why I'm doing 0.5 releases upstream after all).

Changed in libav (Ubuntu Quantal):
assignee: nobody → Reinhard Tartler (siretart)
Marc Deslauriers (mdeslaur) wrote :

Because the source package in Lucid is called "ffmpeg", but a launchpad timeout is preventing me from adding "ffmpeg" to this bug at this time.

Reinhard Tartler (siretart) wrote : Re: [Bug 1012132] Re: June libav/ffmpeg security update tracking bug

On Tue, Jun 12, 2012 at 18:48:22 (CEST), Marc Deslauriers wrote:

> Because the source package in Lucid is called "ffmpeg", but a launchpad
> timeout is preventing me from adding "ffmpeg" to this bug at this
> time.

I see. Well, in any case, libav 0.5.9 is a drop-in replacement for the
ffmpeg package in lucid, with minimal, security only changes. In Debian,
the source package is still called ffmpeg, although the contents are
taken from libav.

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

Marc Deslauriers (mdeslaur) wrote :

Yes, I am using libav 0.5.9 as the update for Lucid (but renamed to ffmpeg, as in Debian). The package is currently going through QA.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 4:0.8.3-0ubuntu0.12.04.1

---------------
libav (4:0.8.3-0ubuntu0.12.04.1) precise-security; urgency=low

  * Update to 0.8.3 to fix multiple security issues. (LP: #1012132)
    - CVE-2012-0851
    - CVE-2012-0947
  * debian/patches/04-ffmpeg-warning-change.patch: Update warning to make
    clearer the deprecation of ffmpeg binary. (LP: #939863)
 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 10:14:44 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 4:0.7.6-0ubuntu0.11.10.1

---------------
libav (4:0.7.6-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * Update to 0.7.6 to fix multiple security issues. (LP: #1012132)
    - CVE-2011-3929
    - CVE-2011-3936
    - CVE-2011-3940
    - CVE-2011-3945
    - CVE-2011-3947
    - CVE-2011-3951
    - CVE-2011-3952
    - CVE-2011-4031
    - CVE-2012-0848
    - CVE-2012-0850
    - CVE-2012-0851
    - CVE-2012-0852
    - CVE-2012-0853
    - CVE-2012-0858
    - CVE-2012-0859
    - CVE-2012-0947
 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 09:38:34 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 4:0.6.6-0ubuntu0.11.04.1

---------------
libav (4:0.6.6-0ubuntu0.11.04.1) natty-security; urgency=low

  * Update to 0.7.6 to fix multiple security issues. (LP: #1012132)
    - CVE-2011-3929
    - CVE-2011-3936
    - CVE-2011-3940
    - CVE-2011-3945
    - CVE-2011-3947
    - CVE-2011-3951
    - CVE-2011-3952
    - CVE-2012-0850
    - CVE-2012-0851
    - CVE-2012-0852
    - CVE-2012-0853
    - CVE-2012-0858
    - CVE-2012-0859
    - CVE-2012-0947
 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 10:26:36 -0400

Changed in libav (Ubuntu Natty):
status: Confirmed → Fix Released
Changed in libav (Ubuntu Oneiric):
status: Confirmed → Fix Released
Changed in libav (Ubuntu Precise):
status: Confirmed → Fix Released
tsultana (tsultana)
visibility: public → private
security vulnerability: yes → no
visibility: private → public