Register | Log in

aom

Choose email to subscribe with

general

source: aom (main)
version: 3.12.1-1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: James Cowgill [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.0.0.errata1-3+deb11u1
old-sec: 1.0.0.errata1-3+deb11u2
old-bpo: 3.6.0-1~bpo11+1
stable: 3.6.0-1+deb12u1
stable-sec: 3.6.0-1+deb12u1
stable-p-u: 3.6.0-1+deb12u2
testing: 3.12.1-1
unstable: 3.12.1-1

versioned links

1.0.0.errata1-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.0.errata1-3+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.0-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.0-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.0-1+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.12.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

aom-tools
libaom-dev
libaom-doc
libaom3

action needed

3 security issues in buster high

There are 3 open security issues in buster.

1 important issue:

CVE-2024-5171: Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.

1 issue postponed or untriaged:

CVE-2023-6879: (postponed; to be fixed through a stable update) Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().

1 ignored issue:

CVE-2020-0478: In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150780418

Created: 2024-06-03 Last update: 2024-06-08 05:41

Depends on packages which need a new maintainer normal

The packages that aom depends on which need a new maintainer are:

yasm (#1011573)
- Build-Depends: yasm

Created: 2022-05-25 Last update: 2025-07-31 12:31

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-6879: (needs triaging) Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2023-39616: AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.

Created: 2023-09-01 Last update: 2025-04-29 04:57

debian/patches: 3 patches to forward upstream low

Among the 3 debian patches available in version 3.12.1-1 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-04-19 19:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2024-03-21 Last update: 2024-03-21 07:46

news

[2025-06-19] Accepted aom 3.6.0-1+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Boyuan Yang)
[2025-04-29] aom 3.12.1-1 MIGRATED to testing (Debian testing watch)
[2025-04-19] Accepted aom 3.12.1-1 (source) into unstable (Boyuan Yang)
[2025-04-13] Accepted aom 3.12.1~rc1-1~exp1 (source) into experimental (Boyuan Yang)
[2025-02-14] aom 3.12.0-1 MIGRATED to testing (Debian testing watch)
[2025-02-11] Accepted aom 3.12.0-1 (source) into unstable (Boyuan Yang)
[2025-02-11] Accepted aom 3.12.0-1~exp1 (source) into experimental (Boyuan Yang)
[2025-02-10] Accepted aom 3.12.0~rc1-1~exp1 (source) into experimental (Boyuan Yang)
[2024-11-20] aom 3.11.0-1 MIGRATED to testing (Debian testing watch)
[2024-11-17] Accepted aom 3.11.0-1 (source) into unstable (Boyuan Yang)
[2024-11-10] aom 3.11.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2024-11-08] Accepted aom 3.11.0~rc1-1 (source) into unstable (Boyuan Yang)
[2024-10-24] aom 3.10.0-1 MIGRATED to testing (Debian testing watch)
[2024-10-22] Accepted aom 3.10.0-1 (source) into unstable (Boyuan Yang)
[2024-09-07] Accepted aom 1.0.0.errata1-3+deb11u2 (source) into oldstable-security (Adrian Bunk)
[2024-08-21] Accepted aom 3.6.0-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2024-08-21] Accepted aom 3.6.0-1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2024-07-11] aom 3.9.1-1 MIGRATED to testing (Debian testing watch)
[2024-07-09] Accepted aom 3.9.1-1 (source) into unstable (Boyuan Yang)
[2024-07-08] Accepted aom 3.9.1-1~exp1 (source) into experimental (Boyuan Yang)
[2024-06-08] aom 3.8.2-3 MIGRATED to testing (Debian testing watch)
[2024-06-05] Accepted aom 3.8.2-3 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-03-25] aom 3.8.2-2 MIGRATED to testing (Debian testing watch)
[2024-03-20] Accepted aom 3.8.2-2 (source) into unstable (Boyuan Yang)
[2024-03-19] Accepted aom 3.8.2-1 (source) into experimental (Boyuan Yang)
[2024-02-05] aom 3.8.1-1 MIGRATED to testing (Debian testing watch)
[2024-01-31] Accepted aom 3.8.1-1 (source) into unstable (Boyuan Yang)
[2023-11-29] aom 3.7.1-1 MIGRATED to testing (Debian testing watch)
[2023-11-26] Accepted aom 3.7.1-1 (source) into unstable (Boyuan Yang)
[2023-10-14] aom 3.7.0-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.12.1-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing