dgit.raspbian.org Git - libav.git/commit

libav (6:11.12-1~deb8u9) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2019-17542: heap-based buffer overflow in vqa_decode_chunk because
    of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
  * CVE-2019-14443: division by zero in range_decode_culshift in
    libavcodec/apedec.c allows remote attackers to cause a denial of
    service (application crash), as demonstrated by avconv.
  * CVE-2018-19128: heap-based buffer over-read in decode_frame in
    libavcodec/lcldec.c that allows an attacker to cause denial-of-service
    via a crafted avi file.
  * CVE-2017-17127: the vc1_decode_frame function in libavcodec/vc1dec.c
    allows remote attackers to cause a denial of service (NULL pointer
    dereference and application crash) via a crafted file.
    CVE-2018-19130 is a duplicate of this vulnerability.
  * CVE-2017-18245: the mpc8_probe function in libavformat/mpc8.c allows
    remote attackers to cause a denial of service (heap-based buffer
    over-read) via a crafted audio file on 32-bit systems.

[dgit import unpatched libav 6:11.12-1~deb8u9]

author	Sylvain Beucler <beuc@debian.org>
	Thu, 5 Dec 2019 16:27:00 +0000 (16:27 +0000)
committer	Sylvain Beucler <beuc@debian.org>
	Thu, 5 Dec 2019 16:27:00 +0000 (16:27 +0000)
commit	c4353d8f9e807998e1d6c6fc699c0f505c232e91
tree	1877503c650460ef832aa870b00e987430954b9e	tree \| snapshot
parent	7a0e99ca9d9d63237d747911eeac64c4e2e582e1	commit \| diff
parent	2dd5ba288d921b129796eac6ab165740bdeef5d9	commit \| diff

debian/NEWS	\|	\|	blob
debian/README.Debian	\|	\|	blob
debian/README.source	\|	\|	blob
debian/changelog	\|	\|	blob
debian/clean	\|	\|	blob
debian/compat	\|	\|	blob
debian/confflags	\|	\|	blob
debian/control	\|	\|	blob
debian/copyright	\|	\|	blob
debian/gbp.conf	\|	\|	blob
debian/get_soname_version.sh	\|	\|	blob
debian/libav-doc.doc-base	\|	\|	blob
debian/libav-tools.install	\|	\|	blob
debian/libav-tools.maintscript	\|	\|	blob
debian/libavcodec-dev.examples	\|	\|	blob
debian/libavcodec-dev.install.in	\|	\|	blob
debian/libavcodec-extra-56.install.in	\|	\|	blob
debian/libavcodec-extra-56.lintian-overrides	\|	\|	blob
debian/libavcodec56.install.in	\|	\|	blob
debian/libavcodec56.lintian-overrides	\|	\|	blob
debian/libavdevice-dev.install.in	\|	\|	blob
debian/libavdevice55.install.in	\|	\|	blob
debian/libavdevice55.lintian-overrides	\|	\|	blob
debian/libavfilter-dev.install.in	\|	\|	blob
debian/libavfilter5.install.in	\|	\|	blob
debian/libavfilter5.lintian-overrides	\|	\|	blob
debian/libavformat-dev.install.in	\|	\|	blob
debian/libavformat56.install.in	\|	\|	blob
debian/libavformat56.lintian-overrides	\|	\|	blob
debian/libavresample-dev.install.in	\|	\|	blob
debian/libavresample2.install.in	\|	\|	blob
debian/libavresample2.lintian-overrides	\|	\|	blob
debian/libavutil-dev.install.in	\|	\|	blob
debian/libavutil54.install.in	\|	\|	blob
debian/libavutil54.lintian-overrides	\|	\|	blob
debian/libswscale-dev.install.in	\|	\|	blob
debian/libswscale3.install.in	\|	\|	blob
debian/libswscale3.lintian-overrides	\|	\|	blob
debian/patches/02-configure-disable-ebx-gcc-4.9.patch	\|	\|	blob
debian/patches/03-disable-configuration-warnings.patch	\|	\|	blob
debian/patches/CVE-2014-8542.patch	\|	\|	blob
debian/patches/CVE-2014-9317.patch	\|	\|	blob
debian/patches/CVE-2015-1207.patch	\|	\|	blob
debian/patches/CVE-2015-1872.patch	\|	\|	blob
debian/patches/CVE-2015-6761.patch	\|	\|	blob
debian/patches/CVE-2015-6818.patch	\|	\|	blob
debian/patches/CVE-2015-6820.patch	\|	\|	blob
debian/patches/CVE-2015-6821.patch	\|	\|	blob
debian/patches/CVE-2015-6822.patch	\|	\|	blob
debian/patches/CVE-2015-6823.patch	\|	\|	blob
debian/patches/CVE-2015-6824.patch	\|	\|	blob
debian/patches/CVE-2015-6825.patch	\|	\|	blob
debian/patches/CVE-2015-6826.patch	\|	\|	blob
debian/patches/CVE-2015-8216.patch	\|	\|	blob
debian/patches/CVE-2015-8217.patch	\|	\|	blob
debian/patches/CVE-2015-8363.patch	\|	\|	blob
debian/patches/CVE-2015-8364.patch	\|	\|	blob
debian/patches/CVE-2015-8661.patch	\|	\|	blob
debian/patches/CVE-2015-8662.patch	\|	\|	blob
debian/patches/CVE-2015-8663.patch	\|	\|	blob
debian/patches/CVE-2016-10190-pre1-3668701f.patch	\|	\|	blob
debian/patches/CVE-2016-10190-pre2-362c17e6.patch	\|	\|	blob
debian/patches/CVE-2016-10190-pre3-strtoull.patch	\|	\|	blob
debian/patches/CVE-2016-10190.patch	\|	\|	blob
debian/patches/CVE-2016-10191.patch	\|	\|	blob
debian/patches/CVE-2017-10001.patch	\|	\|	blob
debian/patches/CVE-2017-1000460.patch	\|	\|	blob
debian/patches/CVE-2017-14055.patch	\|	\|	blob
debian/patches/CVE-2017-14056.patch	\|	\|	blob
debian/patches/CVE-2017-14057.patch	\|	\|	blob
debian/patches/CVE-2017-14058.patch	\|	\|	blob
debian/patches/CVE-2017-14169.patch	\|	\|	blob
debian/patches/CVE-2017-14170.patch	\|	\|	blob
debian/patches/CVE-2017-14171.patch	\|	\|	blob
debian/patches/CVE-2017-14223.patch	\|	\|	blob
debian/patches/CVE-2017-14767.patch	\|	\|	blob
debian/patches/CVE-2017-15672.patch	\|	\|	blob
debian/patches/CVE-2017-17127.patch	\|	\|	blob
debian/patches/CVE-2017-17130.patch	\|	\|	blob
debian/patches/CVE-2017-18245.patch	\|	\|	blob
debian/patches/CVE-2017-7863.patch	\|	\|	blob
debian/patches/CVE-2017-7865.patch	\|	\|	blob
debian/patches/CVE-2017-9987-1.patch	\|	\|	blob
debian/patches/CVE-2017-9987-2.patch	\|	\|	blob
debian/patches/CVE-2017-9993.patch	\|	\|	blob
debian/patches/CVE-2017-9994.patch	\|	\|	blob
debian/patches/CVE-2018-11102-1.patch	\|	\|	blob
debian/patches/CVE-2018-11102-2.patch	\|	\|	blob
debian/patches/CVE-2018-14394.patch	\|	\|	blob
debian/patches/CVE-2018-15822.patch	\|	\|	blob
debian/patches/CVE-2018-19128.patch	\|	\|	blob
debian/patches/CVE-2018-1999010.patch	\|	\|	blob
debian/patches/CVE-2018-1999012.patch	\|	\|	blob
debian/patches/CVE-2018-5766.patch	\|	\|	blob
debian/patches/CVE-2018-6392-1.patch	\|	\|	blob
debian/patches/CVE-2018-6392-2.patch	\|	\|	blob
debian/patches/CVE-2018-6621.patch	\|	\|	blob
debian/patches/CVE-2018-7557.patch	\|	\|	blob
debian/patches/CVE-2019-11338.patch	\|	\|	blob
debian/patches/CVE-2019-14372.patch	\|	\|	blob
debian/patches/CVE-2019-14442.patch	\|	\|	blob
debian/patches/CVE-2019-14443.patch	\|	\|	blob
debian/patches/CVE-2019-17542.patch	\|	\|	blob
debian/patches/avio_feof.patch	\|	\|	blob
debian/patches/series	\|	\|	blob
debian/qt-faststart.1	\|	\|	blob
debian/rebuild-scripts/README	\|	\|	blob
debian/rebuild-scripts/do_all_safe	\|	\|	blob
debian/rebuild-scripts/git_experimental_source	\|	\|	blob
debian/rules	\|	\|	blob
debian/source/format	\|	\|	blob
debian/source/include-binaries	\|	\|	blob
debian/source/lintian-overrides	\|	\|	blob
debian/upstream-signing-key.pgp	\|	\|	blob
debian/watch	\|	\|	blob