[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheezy update for libav



Hi Diego,

> I just released libav 0.8.20 with some more fixes, changelog below.
> 
> Diego
> 
> version 0.8.20:
> 
> - mpegvideo: Fix undefined negative shifts in mpeg_motion_internal (Bug-Id: 980, CVE-2016-9820)
> - mpegvideo: Fix undefined negative shifts in ff_init_block_index (Bug-Id: 980, CVE-2016-9819)
> - mpeg12dec: move setting first_field to mpeg_field_start() (Bug-ID: 999)
> - mpeg12dec: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9822)
> - mpegvideo_parser: avoid signed overflow in bitrate calculation (Bug-Id: 981, CVE-2016-9821)
> - h264: Use the right H264Context for struct member comparison

Thanks for your work. I'll have a look at it and upload tomorrow.

Concerning the old CVEs (CVE-2015-6820, etc.), we could maybe ask the
ffmpeg project for the reproducers ? Not sure they will still have them,
but it doesn't hurt to try.

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature


Reply to: