[SCM] libav/jessie: New upstream release
sramacher at users.alioth.debian.org
sramacher at users.alioth.debian.org
Tue Mar 1 22:28:27 UTC 2016
The following commit has been merged in the jessie branch:
commit e533bc234056455ef57db84ad24b5c9287636f73
Author: Sebastian Ramacher <sramacher at debian.org>
Date: Tue Mar 1 23:27:50 2016 +0100
New upstream release
diff --git a/debian/changelog b/debian/changelog
index 15ddae1..b61a6a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,52 @@
-libav (6:11.4-1~deb8u2) jessie-security; urgency=medium
+libav (6:11.6-1~deb8u1) jessie-security; urgency=medium
- * debian/confflags: Build with --disable-protocol=concat as this is the only
- real fix for CVE-2016-1897 and CVE-2016-1898.
-
- -- Sebastian Ramacher <sramacher at debian.org> Wed, 20 Jan 2016 14:21:56 +0100
+ * New upstream release fixing multiple security issues.
+ - concat: disable by default (CVE-2016-1897, CVE-2016-1898)
+ - aac_parser: add required padding for GetBitContext buffer
+ - ac3_parser: add required padding for GetBitContext buffer
+ - imc: add required padding for GetBitContext buffer
+ - h263: Always check both dimensions
+ - opusdec: properly handle mismatching configurations in multichannel
+ streams
+ - vc1: Use logical instead of bitwise or for twomv
+ - mov: Correctly allocate ctts_data
+ - mov: Fix two memleaks
+ - aac: Wait to know the channels before allocating frame
+ - rtpdec_asf: Check memory allocation and free memory on error
+ - jack: Check memory allocation
+ - mov: Check memory allocation
+ - audiointerleave: Always initialize new_pkt
+ - sctp: Always initialize outmsg struct
+ - mkv: Correctly report the latest packet had been flushed
+ - aic: Fix slice size computation for widths multiples of 32 macroblocks
+ - mov: Preserve the metadata even when bit-exactness is requested
+ - webp: Make sure enough bytes are available
+ - h261: Set 'still image mode off' in picture header
+ - h261: Signal freeze picture release for intra frames
+ - avconv: vda: Unlock the pixel buffer once it is accessed
+ - g726: Do not crash on user mistake
+ - bytestream2: set the reader to the end when reading more than available
+ - af_channelmap: properly set the supported output channel layouts
+ - rtsp: Only interpret $ as interleaved packet indicator at the start of replies
+ - rtsp: Allow $ as interleaved packet indicator before a complete response header
+ - vp7: bound checking in vp7_decode_frame_header
+ - mux: Make sure that the data is actually written
+ - file: properly forward errors from file_read() and file_write()
+ - mmvideo: Make sure the rle does not write over the frame boundaries
+ - opus: Buffer the samples from the correct offset
+ - nut: Use the correct codec_tag when multiple are available
+ - truemotion2: Fix the buffer check
+ - flashsv: Initialize the block array
+ - mimic: Always return on failure
+ - msnwc_tcp: Correctly report failure
+ - lagarith: Correctly compute hash_shift
+ - rpza: Check the blocks left before processing one
+ - dvdsubdec: Validate the RLE offsets
+ - avi: Validate the stream-id for DV as well
+ - mov: Use the correct type for size
+ * debian/confflags: Force --disable-protocol=concat.
+
+ -- Sebastian Ramacher <sramacher at debian.org> Tue, 01 Mar 2016 23:27:42 +0100
libav (6:11.4-1~deb8u1) jessie-security; urgency=high
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list