Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libav. It is a new stable point release including fixes
for CVE
The full debdiff is attached and the changelog is as follows:
libav (6:11.3-1) unstable; urgency=medium
* New upstream release fixing multiple security issues.
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- adxdec: set avctx->channels in adx_read_header
- rmenc: limit packet size
- webp: validate the distance prefix code
- rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read (CID/1257500)
- mdec: check for out of bounds read (CID/1257501)
- configure: Properly fail when libcdio/cdparanoia is not found
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- aic: Fix decoding files with odd dimensions
- vorbis: Check the vlc value in setup_classifs
- arm: Suppress tags about used cpu arch and extensions
- prores: Extend the padding check to 16bit
- icecast: Do not use chunked post, allows feeding to icecast properly
- img2dec: correctly use the parsed value from -start_number
- h264_cabac: Break infinite loops
- hevc_deblock: Fix compilation with nasm (libav #795)
- h264: initialize H264Context.avctx in init_thread_copy
- h264: Do not share rbsp_buffer across threads
- h264: only ref cur_pic in update_thread_context if it is initialized
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266)
- log: Unbreak no-tty support on 256color terminals
unblock libav/6:11.3-1
Cheers
--
Sebastian Ramacher
Attachment:
signature.asc
Description: Digital signature