- libav (6:11.12-1~deb8u1+rpi1) jessie-staging; urgency=medium
++libav (6:11.12-1~deb8u3+rpi1) jessie-staging; urgency=medium
+
+ [changes brought forward from 6:11.3-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 29 Mar 2015 02:07:33 +0000]
+ * Add special case handling for Raspbian (and any derivatives thereof) (Closes: 738760)
+ + Disable armv6t2
+ - note: the thumb2 variant of arv6 seems to be very rare, the Pi certainly
+ doesn't have it.
+ + Disable neon in the main build.
+ + Don't build a seperate neon flavour either.
+
+ [changes brought forward from 6:11.4-1~deb8u1+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Thu, 11 Feb 2016 15:58:25 +0000]
+ * Re-enable specific neon build.
+ * Move armv6t2 and neon disabling from overall configure flags to static
+ and shared configure flags so they don't impact the neon-specific build.
+
- -- Raspbian forward porter <root@raspbian.org> Wed, 21 Feb 2018 03:02:59 +0000
++ -- Raspbian forward porter <root@raspbian.org> Mon, 24 Dec 2018 17:36:49 +0000
++
+ libav (6:11.12-1~deb8u3) jessie-security; urgency=medium
+
+ * Non-maintainer upload by the Debian LTS Team.
+ * debian/patches:
+ + Rename CVE-2015-6822+6823+6824.patch to CVE-2015-6822.patch..
+ * CVE-2015-6823: avcodec/alac: Clear pointers in allocate_buffers().
+ * CVE-2015-6824: swscale/utils: Clear pix buffers. Fixes use of
+ uninitialized memory.
+
+ -- Mike Gabriel <sunweaver@debian.org> Thu, 20 Dec 2018 22:56:40 +0100
+
+ libav (6:11.12-1~deb8u2) jessie-security; urgency=medium
+
+ * Non-maintainer upload by the Debian LTS Team.
+ * CVE-2014-9317: avcodec/pngdec: Check IHDR/IDAT order. Prevent remote
+ attackers from causing a denial of service (out-of-bounds heap access)
+ and possibly have other unspecified impact via an IDAT before an IHDR
+ in a PNG file.
+ * CVE-2015-6761: avcodec/vp8: Do not use num_coeff_partitions in
+ thread/buffer setup. The variable is not a constant and can lead to
+ race conditions.
+ * CVE-2015-6818: avcodec/pngdec: Only allow one IHDR chunk. Multiple IHDR
+ chunks are forbidden in PNG. Fixes inconsistency and out of array accesses.
+ * CVE-2015-6820: avcodec/aacsbr: check that the element type matches before
+ applying SBR. Fixes out of array access.
+ * CVE-2015-6821: avcodec/mpegvideo: Clear pointers in ff_mpv_common_init().
+ This ensures that no stale pointers leak through on any path.
+ * CVE-2015-6822, CVE-2015-6823, CVE-2015-6824: avcodec/sanm: Reset sizes in
+ destroy_buffers().
+ * CVE-2015-6825: avcodec/pthread_frame: clear priv_data, avoid stale pointer
+ in error case.
+ * CVE-2015-6826: avcodec/rv34: Clear pointers in
+ ff_rv34_decode_init_thread_copy(). Avoids leaving stale pointers.
+ * CVE-2015-8216: avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan()
+ before using it. Fixes out of array access.
+ * CVE-2015-8217: avcodec/hevc_ps: Check chroma_format_idc. Fixes out of
+ array access.
+ * CVE-2015-8363: avcodec/jpeg2000dec: Check for duplicate SIZ marker.
+ * CVE-2015-8364: avcodec/ivi: Check image dimensions. Fixes integer overflow.
+ * CVE-2015-8661: avcodec/h264_slice: Limit max_contexts when
+ slice_context_count is initialized. Fixes out of array access.
+ * CVE-2015-8662: avcodec/jpeg2000dwt: Check ndeclevels before calling
+ dwt_decode*(). Fixes out of array access.
+ * CVE-2015-8663: avcodec/utils: Clear dimensions in ff_get_buffer() on
+ failure. Fixes out of array access.
+ * CVE-2016-10190: http: make length/offset-related variables unsigned.
+ Required cherry-picking 3668701f and 362c17e6 from ffmpeg.git.
+ * CVE-2016-10191: avformat/rtmppkt: Check for packet size mismatches.
+ Fixes out of array access.
+
+ -- Mike Gabriel <sunweaver@debian.org> Wed, 19 Dec 2018 14:31:49 +0100
libav (6:11.12-1~deb8u1) jessie-security; urgency=medium
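Review bot: the 6:11.12-1~deb8u3 entry does not say why CVE-2015-6823 and CVE-2015-6824 are being fixed again, and the 6:11.12-1~deb8u2 entry still credits all three CVEs to "avcodec/sanm: Reset sizes in destroy_buffers()". The deb8u3 entry renames the combined patch to CVE-2015-6822.patch and adds separate fixes in avcodec/alac and swscale/utils, so a reader tracking fixed versions from the changelog cannot tell whether deb8u2 covered 6823 and 6824 at all. Please add a line to the deb8u3 entry stating that the deb8u2 attribution of those two CVEs to the sanm patch was incorrect and that they are first addressed in deb8u3. Smaller points: the rename line ends with a doubled period ("CVE-2015-6822.patch.."), the CVE-2015-8363 item gives no impact statement while the other items do, and the brought-forward Raspbian notes carry the typos "arv6" (armv6) and "seperate" (separate).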