Ubuntu
libav package

March 2013 libav security tracking bug

  1. Quantal (12.10)
  2. Bug #1163354
Bug #1163354 reported by Marc Deslauriers
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libav (Ubuntu)
Fix Released
Undecided
Unassigned
Lucid
Invalid
Medium
Marc Deslauriers
Oneiric
Invalid
Medium
Marc Deslauriers
Precise
Fix Released
Medium
Marc Deslauriers
Quantal
Fix Released
Medium
Marc Deslauriers
Raring
Fix Released
Undecided
Unassigned

Bug Description

This is a bug to track the March 2013 libav security updates:

0.8.6:
    h264: check for luma and chroma bit depth being equal (CVE-2013-2277)
    iff: validate CMAP palette size (CVE-2013-2495)
    msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496)
    vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894)

Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Raring):
status: New → Fix Released
Changed in libav (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in libav (Ubuntu Oneiric):
status: New → Confirmed
importance: Undecided → Medium
Changed in libav (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Medium
Changed in libav (Ubuntu Quantal):
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 4:0.8.6-0ubuntu0.12.04.1

---------------
libav (4:0.8.6-0ubuntu0.12.04.1) precise-security; urgency=low

  * Update to 0.8.6 to fix multiple security issues. (LP: #1163354)
    - CVE-2013-0894
    - CVE-2013-2277
    - CVE-2013-2495
    - CVE-2013-2496
 -- Marc Deslauriers <email address hidden> Tue, 02 Apr 2013 10:48:44 -0400

Changed in libav (Ubuntu Precise):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 6:0.8.6-0ubuntu0.12.10.1

---------------
libav (6:0.8.6-0ubuntu0.12.10.1) quantal-security; urgency=low

  * Update to 0.8.6 to fix multiple security issues. (LP: #1163354)
    - CVE-2013-0894
    - CVE-2013-2277
    - CVE-2013-2495
    - CVE-2013-2496
 -- Marc Deslauriers <email address hidden> Tue, 02 Apr 2013 10:44:55 -0400

Changed in libav (Ubuntu Quantal):
status: Confirmed → Fix Released
jorge alberto garcia barrientos (jorg-gb)
Changed in libav (Ubuntu Oneiric):
status: Confirmed → Incomplete
status: Incomplete → Confirmed
Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Oneiric):
status: Confirmed → Invalid
Changed in libav (Ubuntu Lucid):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.