- Sun Aug 5 2012 luigiwalser <luigiwalser> 2.5.4-5.3.mga1
+ Revision: 278523
- sync ffmpeg git patches from mplayer package to fix:
- CVE-2011-3892
- CVE-2011-3893
- CVE-2011-3895
- CVE-2011-3940
- CVE-2011-3929
- CVE-2011-3936
- CVE-2012-0853
- CVE-2011-3947
- CVE-2011-3945
- CVE-2012-0947
- CVE-2011-3951
- CVE-2012-0850
- CVE-2012-0851
- CVE-2012-0852
- CVE-2012-0858
- CVE-2011-3952
+ doktor5000
- removed unused bundled tarballs of ffmpeg and libswscale
- fixed CVE-2011-1196, denial of service and possible code execution via
malformed OGG file (from Ubuntu, cve-2011-1196.patch)
- fixed CVE-2011-3362, arbitrary code execution via malformed CAVS file
(from Ubuntu, cve-2011-3362.patch)
- fixed CVE-2011-1931, denial of service and possible code execution via
malformed AMV file (from Ubuntu, CVE-2011-1931.patch)
- fixed CVE-2011-2161, denial of service via malformed APE file
(from Ubuntu, CVE-2011-2161.patch)
- fixed CVE-2011-0480, denial of service and possible code execution via
crafted WebM file (rediffed from Ubuntu,
mplayer-1.4.0-mga-fix-CVE-2011-0480.patch)
- fixed CVE-2011-0723, denial of service and possible code execution via
crafted VC1 file (from Ubuntu, fix-CVE-2011-0723.patch)
- fixed CVE-2010-3429, arbitrary offset dereference vulnerability in flic video
codec (from Ubuntu, fix-CVE-2010-3429.patch)
- fixed CVE-2010-4704, denial of service via crafted .ogg file
(from Ubuntu, fix-CVE-2010-4704.patch)
- fixed CVE-2009-4636, denial of service via a crafted .aac file that triggers
an infinite loop (from Mandriva, ffmpeg-CVE-2009-4636.patch)
- fixed CVE-2011-0722, denial of service (heap memory corruption and
application crash) or possibly execute arbitrary code via a malformed
RealMedia file (from Mandriva, fmpeg-CVE-2011-0722.patch)
- fixed CVE-2011-3504, arbitrary code execution via a crafted Matroska file
(from Ubuntu, CVE-2011-3504.patch)
- fixed CVE-2011-4351, buffer overflow via error within the QDM2 decoder
(from Ubuntu, CVE-2011-4351.patch)
- fixed CVE-2011-4352, buffer overflow within the "vp3_dequant()" function
(from Ubuntu, CVE-2011-4352.patch)
- fixed CVE-2011-4353, out-of-bounds reads via errors within the
"av_image_fill_pointers()", the "vp5_parse_coeff()", and the
"vp6_parse_coeff()" functions (from Ubuntu, CVE-2011-4353.patch)
- fixed CVE-2011-4364, denial of service or arbitrary code execution via a
malformed VMD file (from Ubuntu, CVE-2011-4364.patch)
- fixed CVE-2011-4579, memory corruption via an error within the
"svq1_decode_frame()" function (from Ubuntu, CVE-2011-4579.patch)
- fix unchecked return values that may cause a crash
(from upstream, check_all_svq3_get_ue_golomb_returns.patch)
- security fix for ffmpeg-mov_bad_timings (from Mandriva)
- security fix for ffmpeg-mp3_outlen (from Mandriva)
- security fix for ffmpeg-vorbis_zero_samplerate (from Mandriva)
+ ahmad
- Enable tainted building (mga#1673) - Wed Apr 27 2011 wally <wally> 2.5.4-5.mga1
+ Revision: 92131
- fix desktop file names (mga#954)
- drop buildroot definition - Tue Feb 22 2011 ahmad <ahmad> 2.5.4-4.mga1
+ Revision: 55875
- drop esound-devel (phasing out esound from the distro)
+ anssi
- remove old macros
- imported package avidemux