Debian Package Tracker

general

source: ffmpeg (main)
version: 7:3.4.2-2
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Andreas Cadhalpun [DMD] – James Cowgill [DMD] – Balint Reczey [DMD] – Alexander Strasser [DMD] – Reinhard Tartler [DMD]
arch: all any
std-ver: 4.1.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 7:3.2.10-1~deb9u1~bpo8+1
stable: 7:3.2.10-1~deb9u1
stable-sec: 7:3.2.10-1~deb9u1
testing: 7:3.4.2-2
unstable: 7:3.4.2-2
exp: 7:4.0-2

versioned links

7:3.2.5-1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:3.2.10-1~deb9u1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:3.2.10-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:3.4.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ffmpeg
ffmpeg-doc
libavcodec-dev
libavcodec-extra
libavcodec-extra57
libavcodec57
libavdevice-dev
libavdevice57
libavfilter-dev
libavfilter-extra
libavfilter-extra6
libavfilter6
libavformat-dev
libavformat57
libavresample-dev
libavresample3
libavutil-dev
libavutil55
libpostproc-dev
libpostproc54
libswresample-dev
libswresample2
libswscale-dev
libswscale4

action needed

A new upstream version is available: 4.0 high

A new upstream version 4.0 is available, you should consider packaging it.

Created: 2018-04-21 Last update: 2018-05-26 20:02

6 security issues in sid high

There are 6 open security issues in sid.

6 important issues:

CVE-2018-6912: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVE-2018-9841: The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
CVE-2018-10001: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
CVE-2017-14034: The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.
CVE-2018-7751: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

Please fix them.

Created: 2018-01-02 Last update: 2018-05-19 07:57

8 security issues in stretch high

There are 8 open security issues in stretch.

1 important issue:

CVE-2017-14034: The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.

7 issues skipped by the security teams:

CVE-2018-6912: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVE-2018-9841: The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
CVE-2018-7751: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
CVE-2018-10001: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
CVE-2018-6392: The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.
CVE-2018-6621: The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

Please fix them.

Created: 2017-12-01 Last update: 2018-05-19 07:57

6 security issues in buster high

There are 6 open security issues in buster.

6 important issues:

CVE-2018-6912: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVE-2018-9841: The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
CVE-2018-10001: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
CVE-2017-14034: The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.
CVE-2018-7751: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

Please fix them.

Created: 2018-01-02 Last update: 2018-05-19 07:57

Build log checks report 1 error and 1 warning high

Build log checks report 1 error and 1 warning

Created: 2018-04-30 Last update: 2018-04-30 02:08

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-04-14 Last update: 2018-05-26 20:12

Depends on packages which need a new maintainer normal

The packages that ffmpeg depends on which need a new maintainer are:

libgsm (#891760)
- Depends: libgsm1 libgsm1
- Build-Depends: libgsm1-dev
libcdio-paranoia (#881910)
- Depends: libcdio-cdda2 libcdio-paranoia2
- Build-Depends: libcdio-paranoia-dev
libiec61883 (#826285)
- Depends: libiec61883-0
- Build-Depends: libiec61883-dev

Created: 2017-12-02 Last update: 2018-05-26 20:09

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 4.1.2).

Created: 2018-01-25 Last update: 2018-05-07 07:30

testing migrations

This package will soon be part of the auto-sndio transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-ffmpeg transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2018-05-06] Accepted ffmpeg 7:4.0-2 (source) into experimental (James Cowgill)
[2018-04-22] Accepted ffmpeg 7:4.0-1 (source) into experimental (James Cowgill)
[2018-04-14] ffmpeg 7:3.4.2-2 MIGRATED to testing (Debian testing watch)
[2018-04-09] Accepted ffmpeg 7:3.4.2-2 (source) into unstable (James Cowgill)
[2018-02-18] ffmpeg 7:3.4.2-1 MIGRATED to testing (Debian testing watch)
[2018-02-12] Accepted ffmpeg 7:3.4.2-1 (source) into unstable (James Cowgill)
[2018-02-11] Accepted ffmpeg 7:3.2.10-1~deb9u1~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (James Cowgill)
[2018-02-08] Accepted ffmpeg 7:3.2.10-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (James Cowgill)
[2018-01-24] Accepted ffmpeg 7:3.5~git20180113-1 (source amd64 all) into experimental, experimental (James Cowgill)
[2017-12-17] ffmpeg 7:3.4.1-1 MIGRATED to testing (Debian testing watch)
[2017-12-11] Accepted ffmpeg 7:3.4.1-1 (source) into unstable (James Cowgill)
[2017-11-30] ffmpeg 7:3.4-4 MIGRATED to testing (Debian testing watch)
[2017-11-29] Accepted ffmpeg 7:3.2.9-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Ramacher)
[2017-11-25] Accepted ffmpeg 7:3.4-4 (source) into unstable (James Cowgill)
[2017-11-24] ffmpeg 7:3.4-3 MIGRATED to testing (Debian testing watch)
[2017-11-24] ffmpeg 7:3.4-3 MIGRATED to testing (Debian testing watch)
[2017-11-18] Accepted ffmpeg 7:3.4-3 (source) into unstable (James Cowgill)
[2017-11-15] ffmpeg 7:3.4-2 MIGRATED to testing (Debian testing watch)
[2017-11-09] Accepted ffmpeg 7:3.4-2 (source) into unstable (James Cowgill)
[2017-10-21] Accepted ffmpeg 7:3.4-1 (source) into experimental (James Cowgill)
[2017-10-19] Accepted ffmpeg 7:3.2.8-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Ramacher)
[2017-10-01] ffmpeg 7:3.3.4-2 MIGRATED to testing (Debian testing watch)
[2017-09-26] Accepted ffmpeg 7:3.2.7-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Ramacher)
[2017-09-26] Accepted ffmpeg 7:3.3.4-2 (source) into unstable (James Cowgill)
[2017-09-18] ffmpeg 7:3.3.4-1 MIGRATED to testing (Debian testing watch)
[2017-09-12] Accepted ffmpeg 7:3.3.4-1 (source) into unstable (James Cowgill)
[2017-09-12] ffmpeg 7:3.3.3-4 MIGRATED to testing (Debian testing watch)
[2017-09-06] Accepted ffmpeg 7:3.3.3-4 (source) into unstable (James Cowgill)
[2017-08-21] ffmpeg 7:3.3.3-3 MIGRATED to testing (Debian testing watch)
[2017-08-16] Accepted ffmpeg 7:3.3.3-3 (source) into unstable (James Cowgill)

bugs [bug history graph]

all: 8 9
RC: 0
I&N: 4 5
M&W: 4
F&P: 0

links

homepage
lintian
buildd: logs, exp, checks, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7:3.4.2-2build1
5 bugs