-
libav (4:0.7.6-0ubuntu0.11.10.3) oneiric-security; urgency=low
* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
- debian/patches/CVE-2012-2783.patch: release frames on error in
libavcodec/vp56.c.
- CVE-2012-2783
* SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
- debian/patches/CVE-2012-2791.patch: check that scan pattern is set
before using it in libavcodec/ivi_common.c.
- CVE-2012-2791
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
- debian/patches/CVE-2012-2803.patch: do not decode extradata more than
once in libavcodec/mpeg12.c.
- CVE-2012-2803
* SECURITY UPDATE: issue in AAC decoding
- debian/patches/CVE-2012-5144.patch: fix off-by-one in
libavcodec/aacdec.c.
- CVE-2012-5144
-- Marc Deslauriers <email address hidden> Thu, 24 Jan 2013 13:31:43 -0500
-
libav (4:0.7.6-0ubuntu0.11.10.2) oneiric-security; urgency=low
* SECURITY UPDATE: unspecified security issue in ff_rv34_decode_frame
- debian/patches/CVE-2012-2772.patch: error out on size changes with
frame threading in libavcodec/rv34.c.
- CVE-2012-2772
* SECURITY UPDATE: out of array write in quant_cof
- debian/patches/CVE-2012-2775.patch: check opt_order in
libavcodec/alsdec.c.
- CVE-2012-2775
* SECURITY UPDATE: security issues in decode_pic
- debian/patches/CVE-2012-2777-2784.patch: prevent changing w/h in
libavcodec/cavsdec.c.
- CVE-2012-2777
- CVE-2012-2784
* SECURITY UPDATE: unspecified vulnerability in the decode_frame
- debian/patches/CVE-2012-2779.patch: prevent decoding happening on a
half initialized context in libavcodec/indeo5.c.
- CVE-2012-2779
* SECURITY UPDATE: out of array write in the decode_wdlt function
- debian/patches/CVE-2012-2786.patch: check frame_end in
libavcodec/dfa.c.
- CVE-2012-2786
* SECURITY UPDATE: out of array read in avi_read_packet function
- debian/patches/CVE-2012-2788.patch: use accurate size in
libavformat/avidec.c.
- CVE-2012-2788
* SECURITY UPDATE: unspecified vulnerability in avi_read_packet
- debian/patches/CVE-2012-2789.patch: check num_vec_coeffs for validity
in libavcodec/wmaprodec.c.
- CVE-2012-2789
* SECURITY UPDATE: unspecified vulnerability in read_var_block_data
- debian/patches/CVE-2012-2790.patch: fix number of decoded samples in
libavcodec/alsdec.c.
- CVE-2012-2790
* SECURITY UPDATE: unspecified vulnerability in lag_decode_zero_run_line
- debian/patches/CVE-2012-2793.patch: check count before writing zeros
in libavcodec/lagarith.c.
- CVE-2012-2793
* SECURITY UPDATE: unspecified vulnerability in decode_mb_info
- debian/patches/CVE-2012-2794.patch: check tile size in
libavcodec/indeo5.c.
- CVE-2012-2794
* SECURITY UPDATE: out of array write in decode_dds1
- debian/patches/CVE-2012-2798.patch: fix length check in
libavcodec/dfa.c.
- CVE-2012-2798
* SECURITY UPDATE: unspecified vulnerability in ff_ivi_process_empty_tile
- debian/patches/CVE-2012-2800.patch: check tile sizes in
libavcodec/ivi_common.*, libavcodec/indeo5.c.
- CVE-2012-2800
* SECURITY UPDATE: out of array writes in avs.c
- debian/patches/CVE-2012-2801.patch: force dimensions in
libavcodec/avs.c.
- CVE-2012-2801
-- Marc Deslauriers <email address hidden> Tue, 18 Dec 2012 10:04:54 -0500
-
libav (4:0.7.6-0ubuntu0.11.10.1) oneiric-security; urgency=low
* Update to 0.7.6 to fix multiple security issues. (LP: #1012132)
- CVE-2011-3929
- CVE-2011-3936
- CVE-2011-3940
- CVE-2011-3945
- CVE-2011-3947
- CVE-2011-3951
- CVE-2011-3952
- CVE-2011-4031
- CVE-2012-0848
- CVE-2012-0850
- CVE-2012-0851
- CVE-2012-0852
- CVE-2012-0853
- CVE-2012-0858
- CVE-2012-0859
- CVE-2012-0947
-- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 09:38:34 -0400
-
libav (4:0.7.3-0ubuntu0.11.10.1) oneiric-security; urgency=low
* Update to 0.7.3 to fix multiple security issues (LP: #911811):
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing QDM2 stream
- CVE-2011-4351
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP3 stream
- CVE-2011-4352
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing VP5 or VP6 streams
- CVE-2011-4353
- SECURITY UPDATE: denial of service and possible code execution via
malformed VMD file
- CVE-2011-4364
- SECURITY UPDATE: denial of service and possible code execution via
malformed file containing svq1 stream
- CVE-2011-4579
-- Marc Deslauriers <email address hidden> Tue, 03 Jan 2012 15:31:49 -0500
-
libav (4:0.7.2-1ubuntu1) oneiric; urgency=low
* Merge from debian, remaining changes:
- don't build against libfaad, libdirac, librtmp and libopenjpeg,
lame, xvid, x264 (all in universe)
- not installing into multiarch directories
* This new upstream release has basically merged in all 70 patches that
are present in 4:0.7.1-7ubuntu2, plus some additional, similarily
focused ones.
libav (4:0.7.2-1) unstable; urgency=low
* New upstream release: 0.7.2
- Security focused release
- Includes Matroska reallocation checks, Closes: #643859
* Drop all post 0.7.1 patches, included upstream.
-- Reinhard Tartler <email address hidden> Sat, 01 Oct 2011 00:22:07 +0200
-
libav (4:0.7.1-7ubuntu2) oneiric; urgency=low
* Revert "Convert package to include multiarch support."
libav (4:0.7.1-7ubuntu1) oneiric; urgency=medium
* Merge from debian/unstable
- don't build against libfaad, libdirac, librtmp and libopenjpeg,
lame, xvid, x264 (all in universe)
- Introduces Security fix for CVE-2011-3362
- Fixes LP: #835903
* post-0.7.1/0070-Fix-memory-re-allocation-in-matroskadec.c-related-to.patch:
- fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080
libav (4:0.7.1-7) unstable; urgency=medium
* Add 63 (!) additional post 0.7.1 patches
- all scheduled for next upstream point release
- Fix missing CAVS boundary checks, Closes: #641478, Fixes: CVE-2011-3362
* Medium urgency for fixing a security issue
* Drop debian/patches/03-fix-movrel.patch, better patch upstream
* prefer libtiff4 over libtiff5 for now
libav (4:0.7.1-6) unstable; urgency=low
* Convert package to include multiarch support.
libav (4:0.7.1-5) unstable; urgency=low
* sync patches with upstream release branch
* Fix segmentation fault on ppc32, Closes: #639948
libav (4:0.7.1-4) unstable; urgency=low
* upload to unstable
-- Reinhard Tartler <email address hidden> Wed, 28 Sep 2011 09:18:34 +0200
-
libav (4:0.7.1-3ubuntu1) oneiric; urgency=low
* Merge from debian/unstable
- don't build against libfaad, libdirac, librtmp and libopenjpeg,
lame, xvid, x264 (all in universe)
* Drop extra conflicts on libswscale-extra-1
libav (4:0.7.1-3) experimental; urgency=low
* add post 0.7.1 patches
* make MAP_ANONYMOUS available on Linux and the Hurd, Closes: #637516
* libpostproc: filter name needs to be double 0 terminated
* relax dependencies in the shlibs file to accomodate
the new versioning scheme in libav-extra. Fixes LP: #818619
* libswscale-dev: fix alternate on libswscale-extra-2, Fixes LP: #829857
libav (4:0.7.1-2) experimental; urgency=low
* Build against libx264. Closes: #418228, #440681
* Build against libmp3lame, Closes: #587904
* Build against xvidcore to enable xvid encoding
* use yasm on every architecture. Should allow building on the Hurd
-- Reinhard Tartler <email address hidden> Fri, 26 Aug 2011 11:12:43 +0200
-
libav (4:0.7.1-1ubuntu3) oneiric; urgency=low
* libswscale-dev: fix alternate on libswscale-extra-2, Fixes LP: #829857
-- Reinhard Tartler <email address hidden> Sat, 20 Aug 2011 19:29:21 +0200
-
libav (4:0.7.1-1ubuntu2) oneiric; urgency=low
* relax dependencies in the shlibs file to accomodate the new versioning
scheme in libav-extra. Fixes LP: #818619
-- Reinhard Tartler <email address hidden> Mon, 01 Aug 2011 13:16:59 +0200
-
libav (4:0.7.1-1ubuntu1) oneiric; urgency=low
* Merge from debian/unstable
- don't build against libfaad, libdirac, librtmp and libopenjpeg
(all in universe)
- Extra conflicts on libswscale-extra-1 (can be dropped after natty release)
libav (4:0.7.1-1) experimental; urgency=low
[ Andres Mejia ]
* Update to my @debian.org email.
[ Reinhard Tartler ]
* Pass --arch to configure
* no longer generate 'snapshot_version'
* disable jackd output support on the hurd
* Use proper architecture wildcards for Linux-only dependencies,
Closes: #634460
* Drop "backported patches"
* Imported Upstream version 0.7.1
* Fix installation of codecs.txt and formats.txt
libav (4:0.7-2) experimental; urgency=low
[ Arnout Engelen ]
* libavformat-dev depends on libavutil-dev
[ Reinhard Tartler ]
* Add backported patches for 0.7.1
-- Reinhard Tartler <email address hidden> Thu, 21 Jul 2011 21:12:27 +0200
-
libav (4:0.7-1ubuntu2) oneiric; urgency=low
* Conflicts/Replaces against broken libswscale-extra-1 package, LP: #804452
-- Reinhard Tartler <email address hidden> Wed, 06 Jul 2011 15:29:06 +0200
-
libav (4:0.7-1ubuntu1) oneiric; urgency=low
* Merge from debian. Remaining changes:
- don't build against libfaad, libdirac, librtmp and libopenjpeg
(all in universe)
-- Reinhard Tartler <email address hidden> Wed, 22 Jun 2011 10:47:22 +0200
-
libav (4:0.7~rc1-1ubuntu1) oneiric; urgency=low
* Merge from debian. Remaining changes:
- don't build against libfaad, libdirac, librtmp and libopenjpeg
(all in universe)
libav (4:0.7~rc1-1) experimental; urgency=low
* New upstream version
* Bug fix: "Please add ffmpeg-mt for multithreading support", branch has
been finally merged now upstream properly (Closes: #575600).
* remove 02-Fix-kfreeBSD-FTBFS.patch, applied upstream
-- Reinhard Tartler <email address hidden> Sat, 18 Jun 2011 15:43:30 +0200
-
libav (4:0.7~beta2-2ubuntu1) oneiric; urgency=low
* Merge from debian. Remaining changes:
- don't build against libfaad, libdirac, librtmp and libopenjpeg
(all in universe)
libav (4:0.7~beta2-2) experimental; urgency=low
* refresh patches
* rename Tweak-doxygen-config patch
* add patch from upstream to fix build failure on kFreeBSD
* ignore quilt .pc status directory
libav (4:0.7~beta2-1) experimental; urgency=low
[ Jonathan Nieder ]
* only install doc/APIChanges in *-dev and libav-doc packages
* move note on source package lineage to README.Debian
* install NEWS.Debian in libavcodec-dev
* use dpkg source format 3.0 (quilt)
* allow "debian/rules clean" as unprivileged user
[ Reinhard Tartler ]
* New upstream release
libav (4:0.7~b1-2) experimental; urgency=low
* don't try to install non-existing documentation, fixes FTBFS on powerpc
* add NEWS.Debian file
* install doc/APIChanges and refer to them in NEWS.Debian (Closes: #623682)
* readd deprecated avcodec_thread_init in libavformat
-- Reinhard Tartler <email address hidden> Fri, 27 May 2011 19:27:07 +0200
-
libav (4:0.7~b1-1ubuntu1) oneiric; urgency=low
* Merge from debian. Remaining changes:
- don't build against libfaad, libdirac, librtmp and libopenjpeg
(all in universe)
- explicitly --enable-pic on powerpc, cf. LP #654666
- different arm configure bits that should probably better be
merged into debian
* Cherry-picked from git:
- install doc/APIChanges and refer to them in NEWS.Debian (Closes: #623682)
- don't try to install non-existing documentation, fixes FTBFS on powerpc
libav (4:0.7~b1-1) experimental; urgency=low
* New upstream version
* bump SONAME and SHLIBS
* configure flags --disable-stripping was removed upstream
* the MAINTAINERS file was removed upstream
* remove patch disable-configuration-warning.patch
* drop avfilter confflags, it is enable by default in 0.7
* libfaad wrapper has been removed upstream
* also update the *contents* of the lintian overrides
-- Reinhard Tartler <email address hidden> Sat, 30 Apr 2011 14:27:42 +0200
-
libav (4:0.6.2-1ubuntu1) natty; urgency=low
* Merge from debian. Remaining changes:
- don't build against libfaad, libdirac, librtmp and libopenjpeg
(all in universe)
- explicitly --enable-pic on powerpc, cf. LP #654666
- different arm configure bits that should probably better be
merged into debian
libav (4:0.6.2-1) unstable; urgency=medium
[ Reinhard Tartler ]
* Imported Upstream version 0.6.2
- include security fixes (Closes: #611495)
* rename source package to libav
* Switch to libav packages
* copy in changelog entries from the 0.5 packaging branch (Closes: #616190)
* update version numbering
* make buildlogs verbose
* Introduce 'libav-source', which contains the patched sources of libav
* rename source package to libav
[ Fabian Greffrath ]
* Fix cp of doxy documentation fails with "Argument list too long" (Closes: #618679)
-- Reinhard Tartler <email address hidden> Sun, 20 Mar 2011 12:09:31 +0100