[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 1b7fef3 web/security: add CVEs for 2.5.9 and 2.4.12

ffmpeg-cvslog at ffmpeg.org ffmpeg-cvslog at ffmpeg.org
Thu Dec 10 02:10:19 CET 2015


The branch, master has been updated
       via  1b7fef3b4f1832963db372273e91ec40667d7d25 (commit)
       via  978f48859ca2c7a91633e67ae3a5aa55de68f5ea (commit)
      from  056d2d9a719c92322de412466197951d59d9d990 (commit)


- Log -----------------------------------------------------------------
commit 1b7fef3b4f1832963db372273e91ec40667d7d25
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Thu Dec 10 02:08:42 2015 +0100
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Thu Dec 10 02:08:42 2015 +0100

    web/security: add CVEs for 2.5.9 and 2.4.12
    
    add CVE-2015-6761, CVE-2015-8216, CVE-2015-8219, CVE-2015-8363, CVE-2015-8364, CVE-2015-8365

diff --git a/src/security b/src/security
index f8a0fbc..154205d 100644
--- a/src/security
+++ b/src/security
@@ -130,6 +130,19 @@ CVE-2015-3417, e8714f6f93d1a32f4e4655209960afcf4c185214
 
 <h2>FFmpeg 2.5</h2>
 
+<h3>2.5.9</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2015-6761, 608f928c74d821f74747e22819b4c6dfc90acbb5 / dabea74d0e82ea80cd344f630497cafcb3ef872c
+CVE-2015-8216, f2b161319d29d19d9113b4d06bc28be8745fa35c / d24888ef19ba38b787b11d1ee091a3d94920c76a
+CVE-2015-8219, 9e755b9b99c3c28a27a34d276a182b84f8563eff / 43492ff3ab68a343c1264801baa1d5a02de10167
+CVE-2015-8363, be4b41b6cb7cd3c962cfcde6305d5e7537645bf2 / 44a7f17d0b20e6f8d836b2957e3e357b639f19a2
+CVE-2015-8364, ffaea7a790778ec4f23a22bbb445b77471dbddb1 / df91aa034b82b77a3c4e01791f4a2b2ff6c82066
+CVE-2015-8365, 2b0cda395f2330fc0dbebadb612b758bf46ccf47 / 4a9af07a49295e014b059c1ab624c40345af5892
+</pre>
+
 <h3>2.5.8</h3>
 <p>
 Fixes following vulnerabilities:
@@ -196,6 +209,19 @@ CVE-2014-9319, ea38e5a6b75706477898eb1e6582d667dbb9946c
 
 <h2>FFmpeg 2.4</h2>
 
+<h3>2.4.12</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2015-6761, ee5ba259d12d60c4e67fb0d92b46bd4b16d79eac / dabea74d0e82ea80cd344f630497cafcb3ef872c
+CVE-2015-8216, 2f89546333b53e626d710cde357f0d13ea450474 / d24888ef19ba38b787b11d1ee091a3d94920c76a
+CVE-2015-8219, d73a8ae70f15d4c9145c20db709f4b06b0a8e835 / 43492ff3ab68a343c1264801baa1d5a02de10167
+CVE-2015-8363, ac302efb9151addfc9d45495d56592ba6fd384b2 / 44a7f17d0b20e6f8d836b2957e3e357b639f19a2
+CVE-2015-8364, f68ff799eb00ec7f38e983c7fbe60c7ff948e401 / df91aa034b82b77a3c4e01791f4a2b2ff6c82066
+CVE-2015-8365, 3449b47dc548fdc91ee46c6e3de04ad8b6b3d045 / 4a9af07a49295e014b059c1ab624c40345af5892
+</pre>
+
 <h3>2.4.11</h3>
 <p>
 Fixes following vulnerabilities:

commit 978f48859ca2c7a91633e67ae3a5aa55de68f5ea
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Thu Dec 10 02:08:10 2015 +0100
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Thu Dec 10 02:08:10 2015 +0100

    web/download: add FFmpeg 2.4.12

diff --git a/src/download b/src/download
index a851294..2ec242b 100644
--- a/src/download
+++ b/src/download
@@ -439,10 +439,10 @@ libpostproc    53.  3.100</pre>
 
 
   <a name="release_2.4"></a><h3>
-    FFmpeg 2.4.11 "Fresnel"</h3>
+    FFmpeg 2.4.12 "Fresnel"</h3>
 
   <p>
-    2.4.11 was released on 2015-08-25. It is the latest stable FFmpeg release
+    2.4.12 was released on 2015-12-10. It is the latest stable FFmpeg release
     from the 2.4 release branch, which was cut from master on 2014-09-14.
     Amongst lots of other changes, it includes all changes from
     ffmpeg-mt, libav master of 2014-09-14, libav 11.4 as of 2015-08-25.
@@ -462,15 +462,15 @@ libpostproc    53.  0.100</pre>
 
   <div class="row">
     <div class="col-md-4">
-      <a class="btn btn-success" href="releases/ffmpeg-2.4.11.tar.bz2">Download bzip2 tarball</a>
-      <small><a href="releases/ffmpeg-2.4.11.tar.bz2.asc">PGP signature</a></small>
+      <a class="btn btn-success" href="releases/ffmpeg-2.4.12.tar.bz2">Download bzip2 tarball</a>
+      <small><a href="releases/ffmpeg-2.4.12.tar.bz2.asc">PGP signature</a></small>
     </div> <!-- col -->
     <div class="col-md-4">
-      <a class="btn btn-success" href="releases/ffmpeg-2.4.11.tar.gz">Download gzip tarball</a>
-      <small><a href="releases/ffmpeg-2.4.11.tar.gz.asc">PGP signature</a></small>
+      <a class="btn btn-success" href="releases/ffmpeg-2.4.12.tar.gz">Download gzip tarball</a>
+      <small><a href="releases/ffmpeg-2.4.12.tar.gz.asc">PGP signature</a></small>
     </div> <!-- col -->
     <div class="col-md-4 text-right">
-      <small><a href="http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n2.4.11">Changelog</a></small>
+      <small><a href="http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n2.4.12">Changelog</a></small>
       <a class="btn btn-success" href="http://git.videolan.org/?p=ffmpeg.git;a=blob;f=RELEASE_NOTES;hb=release/2.4">Release Notes</a>
     </div> <!-- col -->
   </div> <!-- row -->

-----------------------------------------------------------------------

Summary of changes:
 src/download | 14 +++++++-------
 src/security | 26 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 7 deletions(-)


hooks/post-receive
-- 



More information about the ffmpeg-cvslog mailing list