openSUSE-SU-2015:2120-1

Published: 27 Nov 2015
Source: suse-cvrf

Description

Security update for ffmpeg

The ffmpeg package was updated to version 2.8.2 to fix the following security and non-security issues:

  • CVE-2015-8216: Fixed the ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c which could cause a denial of service (out-of-bounds array access) (bnc#955346).

  • CVE-2015-8217: Fixed the ff_hevc_parse_sps function in libavcodec/hevc_ps.c which could cause a denial of service (out-of-bounds array access) (bnc#955347).

  • CVE-2015-8218: Fixed the decode_uncompressed function in libavcodec/faxcompr.c which could cause a denial of service (out-of-bounds array access) (bnc#955348).

  • CVE-2015-8219: Fixed the init_tile function in libavcodec/jpeg2000dec.c which could cause a denial of service (out-of-bounds array access) (bnc#955350).

  • Update to new upstream release 2.8.2

    • various fixes in the aac_fixed decoder
    • various fixes in softfloat
    • swresample/resample: increase precision for compensation
    • lavf/mov: add support for sidx fragment indexes
    • avformat/mxfenc: Only store user comment related tags when needed
    • ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.
    • apng: use correct size for output buffer
    • jvdec: avoid unsigned overflow in comparison
    • avcodec/jpeg2000dec: Clip all tile coordinates
    • avcodec/microdvddec: Check for string end in 'P' case
    • avcodec/dirac_parser: Fix undefined memcpy() use
    • avformat/xmv: Discard remainder of packet on error
    • avformat/xmv: factor return check out of if/else
    • avcodec/mpeg12dec: Do not call show_bits() with invalid bits
    • avcodec/faxcompr: Add missing runs check in decode_uncompressed()
    • libavutil/channel_layout: Check strtol*() for failure
    • avformat/mpegts: Only start probing data streams within probe_packets
    • avcodec/hevc_ps: Check chroma_format_idc
    • avcodec/ffv1dec: Check for 0 quant tables
    • avcodec/mjpegdec: Reinitialize IDCT on BPP changes
    • avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
    • avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet
    • avformat/hls: update cookies on setcookie response
    • opusdec: Don't run vector_fmul_scalar on zero length arrays
    • avcodec/opusdec: Fix extra samples read index
    • avcodec/ffv1: Initialize vlc_state on allocation
    • avcodec/ffv1dec: update progress in case of broken pointer chains
    • avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons
    • rtsp: Allow $ as interleaved packet indicator before a complete response header
    • videodsp: don't overread edges in vfix3 emu_edge.
    • avformat/mp3dec: improve junk skipping heuristic
    • concatdec: fix file_start_time calculation regression
    • avcodec: loongson optimize h264dsp idct and loop filter with mmi
    • avcodec/jpeg2000dec: Clear properties in jpeg2000_dec_cleanup() too
    • avformat/hls: add support for EXT-X-MAP
    • avformat/hls: fix segment selection regression on track changes of live streams
    • configure: Require libkvazaar < 0.7.
    • avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
  • Drop ffmpeg-mov-sidx-fragment.patch, fixed upstream.

  • Update to new upstream release 2.8.1

    • Minor bugfix release
    • Includes all changes from Ffmpeg-mt, libav master of 2015-08-28, libav 11 as of 2015-08-28
  • Add ffmpeg-mov-sidx-fragment.patch to add sidx fragment indexes. Needed for new mpv release.

Package list

openSUSE Leap 42.1
ffmpeg-2.8.2-3.1
ffmpeg-devel-2.8.2-3.1
libavcodec-devel-2.8.2-3.1
libavcodec56-2.8.2-3.1
libavcodec56-32bit-2.8.2-3.1
libavdevice-devel-2.8.2-3.1
libavdevice56-2.8.2-3.1
libavdevice56-32bit-2.8.2-3.1
libavfilter-devel-2.8.2-3.1
libavfilter5-2.8.2-3.1
libavfilter5-32bit-2.8.2-3.1
libavformat-devel-2.8.2-3.1
libavformat56-2.8.2-3.1
libavformat56-32bit-2.8.2-3.1
libavresample-devel-2.8.2-3.1
libavresample2-2.8.2-3.1
libavresample2-32bit-2.8.2-3.1
libavutil-devel-2.8.2-3.1
libavutil54-2.8.2-3.1
libavutil54-32bit-2.8.2-3.1
libpostproc-devel-2.8.2-3.1
libpostproc53-2.8.2-3.1
libpostproc53-32bit-2.8.2-3.1
libswresample-devel-2.8.2-3.1
libswresample1-2.8.2-3.1
libswresample1-32bit-2.8.2-3.1
libswscale-devel-2.8.2-3.1
libswscale3-2.8.2-3.1
libswscale3-32bit-2.8.2-3.1

Description

The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.


Affected products
openSUSE Leap 42.1:ffmpeg-2.8.2-3.1
openSUSE Leap 42.1:ffmpeg-devel-2.8.2-3.1
openSUSE Leap 42.1:libavcodec-devel-2.8.2-3.1
openSUSE Leap 42.1:libavcodec56-2.8.2-3.1

References

Description

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.


Affected products
openSUSE Leap 42.1:ffmpeg-2.8.2-3.1
openSUSE Leap 42.1:ffmpeg-devel-2.8.2-3.1
openSUSE Leap 42.1:libavcodec-devel-2.8.2-3.1
openSUSE Leap 42.1:libavcodec56-2.8.2-3.1

References

Description

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.


Affected products
openSUSE Leap 42.1:ffmpeg-2.8.2-3.1
openSUSE Leap 42.1:ffmpeg-devel-2.8.2-3.1
openSUSE Leap 42.1:libavcodec-devel-2.8.2-3.1
openSUSE Leap 42.1:libavcodec56-2.8.2-3.1

References

Description

The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.


Affected products
openSUSE Leap 42.1:ffmpeg-2.8.2-3.1
openSUSE Leap 42.1:ffmpeg-devel-2.8.2-3.1
openSUSE Leap 42.1:libavcodec-devel-2.8.2-3.1
openSUSE Leap 42.1:libavcodec56-2.8.2-3.1

References
Vulnerability openSUSE-SU-2015:2120-1