Accepted libav 6:11.12-1~deb8u4 (source all amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 07 Jan 2019 19:45:12 +0100
Source: libav
Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra
Architecture: source all amd64
Version: 6:11.12-1~deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libav-dbg - Debug symbols for Libav related packages
libav-doc - Documentation of the Libav API
libav-tools - Multimedia player, encoder and transcoder
libavcodec-dev - Development files for libavcodec
libavcodec-extra - Libav codec library (additional codecs meta-package)
libavcodec-extra-56 - Libav codec library (additional codecs)
libavcodec56 - Libav codec library
libavdevice-dev - Development files for libavdevice
libavdevice55 - Libav device handling library
libavfilter-dev - Development files for libavfilter
libavfilter5 - Libav video filtering library
libavformat-dev - Development files for libavformat
libavformat56 - Libav file format library
libavresample-dev - Development files for libavresample
libavresample2 - Libav audio resampling library
libavutil-dev - Development files for libavutil
libavutil54 - Libav utility library
libswscale-dev - Development files for libswscale
libswscale3 - Libav video scaling library
Changes:
libav (6:11.12-1~deb8u4) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix the following security vulnerabilities:
* CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of
File) check might cause huge CPU and memory consumption.
* CVE-2017-14056: a DoS in rl2_read_header() due to lack of an EOF (End of
File) check might cause huge CPU and memory consumption.
* CVE-2017-14057: a DoS in asf_read_marker() due to lack of an EOF (End of
File) check might cause huge CPU and memory consumption.
* CVE-2017-14170: a DoS in mxf_read_index_entry_array() due to lack of an EOF
(End of File) check might cause huge CPU consumption.
* CVE-2017-14171: a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End
of File) check might cause huge CPU consumption.
* CVE-2017-14767: The sdp_parse_fmtp_config_h264 function in
libavformat/rtpdec_h264.c mishandles empty sprop-parameter-sets values, which
allows remote attackers to cause a denial of service (heap buffer overflow)
or possibly have unspecified other impact via a crafted sdp file.
* CVE-2017-15672: The read_header function in libavcodec/ffv1dec.c allows
remote attackers to have unspecified impact via a crafted MP4 file, which
triggers an out-of-bounds read.
* CVE-2017-17130: The ff_free_picture_tables function in
libavcodec/mpegpicture.c allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted file, related to
vc1_decode_i_blocks_adv.
* CVE-2017-9993: Libav does not properly restrict HTTP Live Streaming
filename extensions and demuxer names, which allows attackers to read
arbitrary files via crafted playlist data.
* CVE-2017-9994: libavcodec/webp.c in Libav before does not ensure that
pix_fmt is set, which allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted file, related to the
vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.
* CVE-2018-14394: libavformat/movenc.c in Libav allows attackers to cause a
denial of service (application crash caused by a divide-by-zero error) with a
user crafted Waveform audio file.
* CVE-2018-1999010: Libav contains multiple out of array access
vulnerabilities in the mms protocol that can result in attackers accessing
out of bound data.
* CVE-2018-6621: The decode_frame function in libavcodec/utvideodec.c in
Libav allows remote attackers to cause a denial of service (out of array
read) via a crafted AVI file.
* CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in
Libav allows remote attackers to cause a denial of service (Out of array
read) via an AVI file with crafted dimensions within chroma subsampling
data.
Checksums-Sha1:
d0be3dd86c0996f53638e4be5532f41d0f4d213d 4145 libav_11.12-1~deb8u4.dsc
603425013a3ebf3173a2d9d8969e983e08c1f892 69220 libav_11.12-1~deb8u4.debian.tar.xz
05ac62b70f2bd6d55ea9c8cbca1f069717578a82 18571366 libav-doc_11.12-1~deb8u4_all.deb
c721679119cedafcc6f86cae64e6cc683dff6836 66374 libavcodec-extra_11.12-1~deb8u4_all.deb
cedc766605df2210bdd02342cc4c5836d9120dcd 474780 libav-tools_11.12-1~deb8u4_amd64.deb
edf08f6708ae92f7831133891835c2d9d2c3d46a 21601658 libav-dbg_11.12-1~deb8u4_amd64.deb
b30c11ab59cc0b3a53443667ad17359389fd5cc9 131294 libavutil54_11.12-1~deb8u4_amd64.deb
1c1fd6d39cdee72ec8556f7452acb84c85ca61b2 3109244 libavcodec56_11.12-1~deb8u4_amd64.deb
d14a0b712d7837e65daa800df4f88f442128a72a 91278 libavdevice55_11.12-1~deb8u4_amd64.deb
1b9f12827c6c75970b05247732e1154087ef33bc 585794 libavformat56_11.12-1~deb8u4_amd64.deb
91e247e3ddd9178f95b3d1518b85b076de2fe0c3 171818 libavfilter5_11.12-1~deb8u4_amd64.deb
991fc82a17b005725a63a6128d5205087ba04882 144588 libswscale3_11.12-1~deb8u4_amd64.deb
be70e721c9cb7686933553e111b4aa61c1212b28 193538 libavutil-dev_11.12-1~deb8u4_amd64.deb
2137e0206abe1416b7f261296be0385cd4f9738b 3432802 libavcodec-dev_11.12-1~deb8u4_amd64.deb
594b1c29362dbd8a8b87215667fcbb0f9987aee4 94086 libavdevice-dev_11.12-1~deb8u4_amd64.deb
bde1de14202f225f6e8884975a078de3a4403e88 692244 libavformat-dev_11.12-1~deb8u4_amd64.deb
25356d8dbe8f2e9cfa6aca0c0db1e2a158d651fd 203370 libavfilter-dev_11.12-1~deb8u4_amd64.deb
b8251108a951e8727628f1142835d362ee54b579 157540 libswscale-dev_11.12-1~deb8u4_amd64.deb
d0ddf8edb6537f607625f24397bd25e4621c0195 112590 libavresample-dev_11.12-1~deb8u4_amd64.deb
8d4490b32ba6071b5f3193c24284972bcba877d1 103646 libavresample2_11.12-1~deb8u4_amd64.deb
31ae70907e0b2c6544be1da3b29741211f1a3d29 3112362 libavcodec-extra-56_11.12-1~deb8u4_amd64.deb
Checksums-Sha256:
cd5c1986b232b5f662ab99aaac3ed8216662a796995b1a3bc2820ce310d62782 4145 libav_11.12-1~deb8u4.dsc
4885b05b1007cb23c56abe274d7c9031c3a0c816755113a067a89077b0b011a9 69220 libav_11.12-1~deb8u4.debian.tar.xz
7387461ed87fb8b12bf48d5ca20deffe8fc369f6e1901dbebcf8b2690c253ff2 18571366 libav-doc_11.12-1~deb8u4_all.deb
5b8aad9496eee14c8a42ed0fce97a657b3230422ee6adf72a4cd8af017a7721f 66374 libavcodec-extra_11.12-1~deb8u4_all.deb
f5e35cf51b18c6af6cf39fafb8b48b89ed106005dd24564ce3c50e189f6b4001 474780 libav-tools_11.12-1~deb8u4_amd64.deb
ec19f304342f5bb25f8fbd12654375c6534618bbe3b28e01399d74880e38f52c 21601658 libav-dbg_11.12-1~deb8u4_amd64.deb
143545ca7098602c327dba78ace94e57f8680c6656f7b0ff4c666250c40cdfeb 131294 libavutil54_11.12-1~deb8u4_amd64.deb
28c4bb621ca86d204d8ff52ee1624d1f8bc4d5a8bc69e3f9a2425f411f8875d2 3109244 libavcodec56_11.12-1~deb8u4_amd64.deb
e942323fe25b98c2bbf285fdb58aa885360f6f97af7a982cb0943ddb236a62a2 91278 libavdevice55_11.12-1~deb8u4_amd64.deb
a311f650c967a34e8d9a7648b012a9b829c1433ae0197ccb80b409d3b5b8538d 585794 libavformat56_11.12-1~deb8u4_amd64.deb
65d061a8a4879d4565180b166a73f146377b1a4d69e4b9124bf68f503199a4c6 171818 libavfilter5_11.12-1~deb8u4_amd64.deb
e10406c57520e6aed54d18f7446b0f93ee0579d37e5095c3d771b1e5f6d4a3c7 144588 libswscale3_11.12-1~deb8u4_amd64.deb
ae9c398a9ae2f38c6e7df0c02730c087595e1c0b2b8dcd215d58792807100969 193538 libavutil-dev_11.12-1~deb8u4_amd64.deb
bd69e6df1e82e9af16af0832ff29a5cbec39ca22406a464a9730e77b194673cb 3432802 libavcodec-dev_11.12-1~deb8u4_amd64.deb
d6c6d81518ab418ba2a095f793428b07beced08de7357b71faf16b15862faed8 94086 libavdevice-dev_11.12-1~deb8u4_amd64.deb
58480b5b681cb9979e5a82df2d13f57e1df952b57cfc29787888414ddc191ae2 692244 libavformat-dev_11.12-1~deb8u4_amd64.deb
1ea697421d1470f24f5fa2fce1fc1b97fa8e33fce2039d5efebb1b667dfb6585 203370 libavfilter-dev_11.12-1~deb8u4_amd64.deb
099526c928557bf3203518fe4e3b2c6e9dcafbdcb42fc2bbb493bdabaa9bb7a6 157540 libswscale-dev_11.12-1~deb8u4_amd64.deb
a37e99c57d6d70889e6f91feadb417b9449ce9264e4efb90655b028472a1d921 112590 libavresample-dev_11.12-1~deb8u4_amd64.deb
a5cfa5012a9336aa19deeb11eb3a795416a4e088df2dac28f18da33d3c7dbe77 103646 libavresample2_11.12-1~deb8u4_amd64.deb
d3ca834c375f0894ad1e7f3a658e962fd4be001d9f41575492b159c08d2bee85 3112362 libavcodec-extra-56_11.12-1~deb8u4_amd64.deb
Files:
310ba7c46ece910f87df8a0dedc14d88 4145 libs optional libav_11.12-1~deb8u4.dsc
db810fdf38fe905cbf0e5bdc6f181dac 69220 libs optional libav_11.12-1~deb8u4.debian.tar.xz
09838950c4749feff7a44ecf72210bfd 18571366 doc optional libav-doc_11.12-1~deb8u4_all.deb
34351fe5a23fe8fdc346e8f854af7614 66374 metapackages extra libavcodec-extra_11.12-1~deb8u4_all.deb
cd744b4e6642b0c2a5e734711f2f803b 474780 video optional libav-tools_11.12-1~deb8u4_amd64.deb
c04bbb6a497884d580bb08d0439cbbac 21601658 debug extra libav-dbg_11.12-1~deb8u4_amd64.deb
988a018d2d554b7892ee23de0eba89f9 131294 libs optional libavutil54_11.12-1~deb8u4_amd64.deb
04e0c7e91194437688190d2191d50bee 3109244 libs optional libavcodec56_11.12-1~deb8u4_amd64.deb
34c7df47239dd470e5a22d1c2deb0bb7 91278 libs optional libavdevice55_11.12-1~deb8u4_amd64.deb
f6a6afcfde384c87b189774cd4d19060 585794 libs optional libavformat56_11.12-1~deb8u4_amd64.deb
2a0383bd479b1e36441182e6b4f52ae4 171818 libs optional libavfilter5_11.12-1~deb8u4_amd64.deb
914bf85ae842aaba08019ea576ab2a67 144588 libs optional libswscale3_11.12-1~deb8u4_amd64.deb
eabfc393ee2f06e68a79ea5e1c24ef49 193538 libdevel optional libavutil-dev_11.12-1~deb8u4_amd64.deb
a7aef566a8f214c44b031ece2d4feb45 3432802 libdevel optional libavcodec-dev_11.12-1~deb8u4_amd64.deb
6a507e0127457c5627616a8235f1d0ad 94086 libdevel optional libavdevice-dev_11.12-1~deb8u4_amd64.deb
518ff9d78735b478910bc0d3df0eb5f5 692244 libdevel optional libavformat-dev_11.12-1~deb8u4_amd64.deb
c8f78ea8e1c46c0449672a78b1d46898 203370 libdevel optional libavfilter-dev_11.12-1~deb8u4_amd64.deb
27cba4ef777edb29474fbc915cfe6905 157540 libdevel optional libswscale-dev_11.12-1~deb8u4_amd64.deb
492e789ded1d39e9a0d9b5c5dce71395 112590 libdevel optional libavresample-dev_11.12-1~deb8u4_amd64.deb
ec5b2c990eff419a27671eb0635e999d 103646 libs optional libavresample2_11.12-1~deb8u4_amd64.deb
586b9ccf0e69e2f2a0afdadc50b31b97 3112362 libs optional libavcodec-extra-56_11.12-1~deb8u4_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwzt21fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk3TQP/3GKlGvxdeDRp5I21ZSzriyw7fbFwmu06iYl
hFeUxGHuddEdHrNN991WM/rYnZ95EUDeiaZcxLfb2oPvxappgrUW8MQcDeT01eeX
V9buPnTpVXLEmAN/wOVgeu1Xf1tPvskqU/UJu/uwiqUsuzvp63ihEpoGs0f2TG6+
r8wnzTTc8BcrVtFj240Mdpz2AGOdoh16qwrP4ZJG90wqdwo5j6IVJozkir4jtD36
q2jcyKb1JSqOTUb8Ph+RP3fI6rl68I4+ncXFfsWpNyxgfRTRzOXp8MynjeufUFiV
Az/7agFTcHO7yOeTzoOM0IKa8u2fmxiIdIbVeDYyXx6DtNcYoabFyD5Cz1CprvNb
8IpT1Eido7Zc94qaxyRfxRLIpD/T7droep5nRXt7Yzro4xhfYQ8GeRgCaukCF2Lk
XifhYqh5kBSKOP+LNCar1SL6YX9eXjuA5mzSowj2aiLguchPqOOjN6U+hpXTR0c0
w2bAJSUzKjNVd7q/X0hj2aN+/RuSEl3eH9QdwiLIPIAACndJm5mjxE2r3af+C3dL
J5rRcx3/BpAWztIZXlRNoJgLYImPsJ1f0LYobIcAiEYJPLz1L65XJ2/AOKaKSvKI
a/PVcEgVUy8CIZkMDPHTIhTj4vrRekeJ4pNha1g6su8Vz8DfiH6d9pfIEL5BljsU
d8xR7oa4
=RE++
-----END PGP SIGNATURE-----