ffmpeg (7:3.2.18-0+deb9u1) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * New upstream version 3.2.18.
     - fixed a number of issues found by the OSS-Fuzz project
     - fixed upstream issues #8176, #8181, #8186, #8265, #8282, #8486, and
       #9517
     - upstreamed all patches previously backported by Debian
  * Dropped all debian/patches, now completely upstreamed

 -- Enrico Zini <enrico@debian.org>  Mon, 16 May 2022 13:01:39 +0200

ffmpeg (7:3.2.16-1+deb9u1) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * [23aefd3] New upstream version 3.2.16. Following CVEs are fixed:
      CVE-2021-38291 - assertion failure at src/libavutil/mathematics.c
      CVE-2020-22054 - A Denial of Service vulnerability due to a memory
                       leak in the av_dict_set function in dict.c.
      CVE-2020-22049 - A Denial of Service vulnerability due to a memory
                       leak in the wtvfile_open_sector function in wtvdec.c.
      CVE-2020-22037 - A Denial of Service vulnerability due to a memory
                       leak in avcodec_alloc_context3 at options.c
      CVE-2020-20453 - Divide By Zero issue via libavcodec/aaccoder, which
                       allows a remote malicious user to cause a Denial of
                       Service.
      CVE-2020-20446 - Divide By Zero issue via libavcodec/aacpsy.c, which
                       allows a remote malicious user to cause a Denial of
                       Service.
      CVE-2020-20445 - Divide By Zero issue via libavcodec/lpc.h, which
                       allows a remote malicious user to cause a Denial of
                       Service.
  * [00f277b] CVE-2020-22048 - A Denial of Service vulnerability due to a
                       memory leak in the ff_frame_pool_get function in
                       framepool.c.
  * [07e4324] CVE-2020-22046 - A Denial of Service vulnerability due to a
                       memory leak in the avpriv_float_dsp_allocl function
                       in libavutil/float_dsp.c.
  * [9f66aa6] CVE-2020-22044 - A Denial of Service vulnerability due to a
                       memory leak in the url_open_dyn_buf_internal function
                       in libavformat/aviobuf.c.
  * [93dcb1b] CVE-2020-22041 - A Denial of Service vulnerability due to a
                       memory leak in the av_buffersrc_add_frame_flags function
                       in buffersrc.
  * [c8769d4] CVE-2020-20451 - Denial of Service issue due to resource
                       management errors via fftools/cmdutils.c.

 -- Anton Gladky <gladk@debian.org>  Fri, 12 Nov 2021 19:27:15 +0100

ffmpeg (7:3.2.15-0+deb9u4) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Fix regression introduced in the previous upload.
    During the backporting of one of patches one line was wrongly
    interpretated and it caused the regression during the
    deinterlacing process. Thanks to Jari Ruusu for the reporting
    the issue and for the testing of prepared update.

 -- Anton Gladky <gladk@debian.org>  Sun, 22 Aug 2021 21:57:52 +0200

ffmpeg (7:3.2.15-0+deb9u3) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2020-22036: A heap-based Buffer Overflow vulnerability
    in filter_intra at libavfilter/vf_bwdif.c, which might lead
    to memory corruption and other potential consequences.
  * CVE-2020-22032: A heap-based Buffer Overflow vulnerability in
    gaussian_blur, which might lead to memory corruption and other
    potential consequences.
  * CVE-2020-22031: A Heap-based Buffer Overflow vulnerability in
    filter16_complex_low, which might lead to memory corruption and
    other potential consequences.
  * CVE-2020-22028: Buffer Overflow vulnerability in filter_vertically_8
    at libavfilter/vf_avgblur.c, which could cause a remote
    Denial of Service.
  * CVE-2020-22026: Buffer Overflow vulnerability exists in the config_input
    function at libavfilter/af_tremolo.c, which could let a remote malicious
    user cause a Denial of Service.
  * CVE-2020-22025: A heap-based Buffer Overflow vulnerability exists in
    gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory
    corruption and other potential consequences.
  * CVE-2020-22023: A heap-based Buffer Overflow vulnerabililty exists
    in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to
    memory corruption and other potential consequences.
  * CVE-2020-22022: A heap-based Buffer Overflow vulnerability exists in
    filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory
    corruption and other potential consequences.
  * CVE-2020-22021: Buffer Overflow vulnerability at filter_edges function in
    libavfilter/vf_yadif.c, which could let a remote malicious user cause a
    Denial of Service.
  * CVE-2020-22020: Buffer Overflow vulnerability in the build_diff_map function
    in libavfilter/vf_fieldmatch.c, which could let a remote malicious user
    cause a Denial of Service.
  * CVE-2020-22016: A heap-based Buffer Overflow vulnerability at
    libavcodec/get_bits.h when writing .mov files, which might lead to memory
    corruption and other potential consequences.
  * CVE-2020-22015: Buffer Overflow vulnerability in mov_write_video_tag due to
    the out of bounds in libavformat/movenc.c, which could let a remote
    malicious user obtain sensitive information, cause a Denial of Service, or
    execute arbitrary code.
  * CVE-2020-21041: Buffer Overflow vulnerability exists via
    apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote
    malicious user cause a Denial of Service
  * CVE-2021-3566: The tty demuxer did not have a 'read_probe' function
    assigned to it. By crafting a legitimate "ffconcat" file that references an
    image, followed by a file the triggers the tty demuxer, the contents of the
    second file will be copied into the output file verbatim (as long as the
    `-vcodec copy` option is passed to ffmpeg).
  * CVE-2021-38114: libavcodec/dnxhddec.c does not check the return value of the
    init_vlc function. Crafted DNxHD data can cause unspecified impact.

 -- Anton Gladky <gladk@debian.org>  Sat, 14 Aug 2021 18:31:23 +0200

ffmpeg (7:3.2.15-0+deb9u2) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS team.
  * Security fixes:
    - CVE-2019-17539: NULL pointer dereference and possibly unspecified other
      impact when there is no valid close function pointer
    - CVE-2020-35965: out-of-bounds write because of errors in calculations of
      when to perform memset zero operations (Closes: #979999)

 -- Roberto C. Sanchez <roberto@debian.org>  Sat, 30 Jan 2021 19:28:22 -0500

ffmpeg (7:3.2.15-0+deb9u1) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS team.
  * New upstream release, fixes include:
    - CVE-2019-13390: rawenc: Only accept the appropriate
      stream type for raw muxers
    - CVE-2019-17542: heap-based buffer overflow in vqa_decode_chunk
    - CVE-2020-13904: use-after-free via a crafted EXTINF duration
      in an m3u8 file

 -- Adrian Bunk <bunk@debian.org>  Mon, 27 Jul 2020 08:57:14 +0300

ffmpeg (7:3.2.14-1~deb9u1) stretch-security; urgency=medium

  * New upstream release(s).
    - avcodec/htmlsubtitles: Fixes denial of service due to use
      of sscanf in inner loop for handling braces (CVE-2019-9718)
    - avcodec/hevcdec: Avoid only partly skiping duplicate first slices
      (CVE-2019-11338)
    - avformat/asfdec_o: Check size_bmp more fully (CVE-2018-1999011)
    - avformat/flvenc: Check audio packet size (CVE-2018-15822)

 -- Moritz Mühlenhoff <jmm@debian.org>  Wed, 22 May 2019 00:04:41 +0200

ffmpeg (7:3.2.12-1~deb9u1) stretch-security; urgency=medium

  * New upstream release.
    - avformat/movenc: Write version 2 of audio atom if channels is not known.
      (CVE-2018-14395)
    - avcodec/imgconvert: fix possible null pointer dereference.
      (Closes: #904123)

 -- James Cowgill <jcowgill@debian.org>  Sat, 28 Jul 2018 16:27:42 +0800

ffmpeg (7:3.2.11-1~deb9u1) stretch-security; urgency=medium

  * New upstream release.
    - avfilter/vf_transpose: Fix used plane count. (CVE-2018-6392)
    - avcodec/utvideodec: Fix bytes left check in decode_frame().
      (CVE-2018-6621)
    - avcodec/utvideodec: Check subsample factors. (CVE-2018-7557)
    - avcodec/utvideodec: Set pro flag based on fourcc. (CVE-2018-10001)
    - avcodec/mpeg4videoenc: Use 64 bit for times in
      mpeg4_encode_gop_header(). (CVE-2018-12458)
    - avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample.
      (CVE-2018-13300)
    - avformat/movenc: Check that frame_types other than
      EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id.
      (CVE-2018-13302)
  * debian/control:
    - Add Breaks on vokoscreen << 2.2.0 to libav-tools. (Closes: #864917)

 -- James Cowgill <jcowgill@debian.org>  Fri, 13 Jul 2018 23:29:52 +0100

ffmpeg (7:3.2.10-1~deb9u1) stretch-security; urgency=medium

  * New upstream release.
    - avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu.
      (CVE-2017-17081)
    - avformat/libssh: check the user provided a password before trying to
      use it. (Closes: #886912)
  * debian/patches:
    - Drop CVE-2017-16840 patch - applied upstream.

 -- James Cowgill <jcowgill@debian.org>  Fri, 26 Jan 2018 09:45:14 +0000

ffmpeg (7:3.2.9-1~deb9u1) stretch-security; urgency=medium

  * New upstream release.
    - avcodec/x86/lossless_videoencdsp: Fix out of array access.
      (CVE-2017-15186)
    - avcodec/ffv1dec: Fix out of array read in slice counting.
      (CVE-2017-15672)
  * debian/patches: avcodec/vc2enc_dwt: Fix out of bounds read.
    (CVE-2017-16840)

 -- Sebastian Ramacher <sramacher@debian.org>  Sun, 26 Nov 2017 21:29:26 +0100

ffmpeg (7:3.2.8-1~deb9u1) stretch-security; urgency=high

  * New upstream release.
    - avformat/rmdec: Fix DoS due to lack of eof check. (CVE-2017-14054)
    - avformat/mvdec: Fix DoS due to lack of eof check. (CVE-2017-14055)
    - avformat/rl2: Fix DoS due to lack of eof check. (CVE-2017-14056)
    - avformat/asfdec: Fix DoS due to lack of eof check. (CVE-2017-14057)
    - avformat/hls: Fix DoS due to infinite loop. (CVE-2017-14058)
    - avformat/cinedec: Fix DoS due to lack of eof check. (CVE-2017-14059)
    - avformat/mxfdec: Fix Sign error. (CVE-2017-14169)
    - avformat/mxfdec: Fix DoS issues. (CVE-2017-14170)
    - avformat/nsvdec: Fix DoS due to lack of eof check. (CVE-2017-14171)
    - avformat/mov: Fix DoS. (CVE-2017-14222)
    - avformat/asfdec: Fix DoS. (CVE-2017-14223)
    - ffprobe: Fix null pointer dereference with color primaries.
      (CVE-2017-14225)
    - avformat/rtpdec_h264: Fix heap-buffer-overflow. (CVE-2017-14767)

 -- Sebastian Ramacher <sramacher@debian.org>  Mon, 09 Oct 2017 18:57:17 +0200

ffmpeg (7:3.2.7-1~deb9u1) stretch-security; urgency=high

  * New upstream release.
    - apadec: Fix integer overflow. (CVE-2016-11399)
    - rtmppkt: Fix out-of-bound access. (CVE-2017-11665)
    - dnxhddec: Fix out-of-bound access. (CVE-2017-11719)
    - dnxhd_parser: Fix NULL pointer access. (CVE-2017-9608)
    - hls, avidec: Check file extensions. (CVE-2017-9993)

 -- Sebastian Ramacher <sramacher@debian.org>  Mon, 28 Aug 2017 13:08:57 +0200

ffmpeg (7:3.2.5-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.

 -- Sebastian Ramacher <sramacher@debian.org>  Mon, 22 May 2017 22:03:36 +0200

ffmpeg (7:3.2.4-1) unstable; urgency=medium

  * Import new upstream bugfix release 3.2.4.
     - Fixes CVE-2016-9561, CVE-2017-5024 and CVE-2017-5025.
  * Drop patches, included upstream:
     - lavf-chromaprint-Update-for-version-1.4.patch
     - libopenmpt-add-missing-avio_read-return-value-check.patch
     - swscale-save-ebx-register-when-it-is-not-available.patch

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Fri, 10 Feb 2017 22:24:45 +0100

ffmpeg (7:3.2.2-2) unstable; urgency=medium

  * Cherry-pick patches from upstream:
     - Fix building with chromaprint 1.4. (Closes: #851026)
     - Fix building with --disable-pic on gcc-4.8.
     - Fix heap-buffer-overflows when using libopenmpt.
  * Re-enable chromaprint on sh4 and libx264 on powerpcspe.
  * Update packaging copyright years.
  * Switch from libmodplug to libopenmpt. (Closes: #849840)

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 21 Jan 2017 22:39:40 +0100

ffmpeg (7:3.2.2-1) unstable; urgency=medium

  * Import new upstream bugfix release 3.2.2.
  * Fix log messages in autopkgtest.
  * Enable frei0r on powerpcspe.
  * Drop --disable-tesseract.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 06 Dec 2016 23:58:20 +0100

ffmpeg (7:3.2.1-1) unstable; urgency=medium

  [ Balint Reczey ]
  * Call dh_auto_install with -a/-i for -arch and for -indep targets
    respectively

  [ Andreas Cadhalpun ]
  * Import new upstream bugfix release 3.2.1.
  * Don't enable x11grab, which has been replaced with xcb.
  * Add build-dependency on autodetected libxcb-shm0-dev. (Closes: #843144)
  * Add explicit build-dependencies for autodetected features.
  * Remove patches, fixed upstream.
     - Revert-avformat-hls-Fix-missing-streams-in-some-case.patch
     - apng-use-side-data-to-pass-extradata-to-muxer.patch
     - doc-fix-spelling-errors.patch
     - pixblockdsp-disable-altivec-optimizations-on-ppc64be.patch
  * Disable libschroedinger entirely. (see #845037)
  * Enable omx.
  * Update build-dependencies for some ports.
     - m68k: enable chromaprint
     - powerpcspe: enable chromaprint, openal, opencv
     - sh4: disable chromaprint
  * Add streamcopy testing to the autopkgtest.
  * Update encdec_list.txt.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 26 Nov 2016 23:44:53 +0100

ffmpeg (7:3.2-2) unstable; urgency=medium

  * Fix FTBFS on powerpc and arch-independent build.
  * Add patch to fix test failures on ppc64.
    - pixblockdsp-disable-altivec-optimizations-on-ppc64be.patch

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 01 Nov 2016 00:42:03 +0100

ffmpeg (7:3.2-1) unstable; urgency=medium

  * Import new major upstream release 3.2.
  * Drop patches, included upstream:
    - ffmpeg_opt-Suggest-to-use-file-.-if-a-protocol-was-not-fo.patch
    - lavf-mp3enc-write-encoder-delay-padding-upon-closing.patch
    - doc-fix-spelling-errors.patch
    - faq-use-relative-links-to-own-documentation.patch
    - tests-checkasm-pixblockdsp-Test-8-byte-aligned-positions.patch
  * Switch to SDL 2.
  * Update comments in debian/rules and drop cruft.
  * Update debian/copyright.
  * Add patches to fix autopkgtest failures and spelling errors:
    - apng-use-side-data-to-pass-extradata-to-muxer.patch
    - Revert-avformat-hls-Fix-missing-streams-in-some-case.patch
    - doc-fix-spelling-errors.patch
  * Update debian/tests_encdec_list.txt.
  * Build static libraries without -fPIC as required by policy 10.2.
  * Disable uninstallable BDs on m68k and powerpcspe:
    - powerpcspe: openal, netcdf, frei0r, opencv, x264 and chromaprint.
    - m68k: chromaprint
  * Avoid needlessly re-running configure.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 30 Oct 2016 10:15:11 +0100

ffmpeg (7:3.1.5-1) unstable; urgency=medium

  * Import new upstream bugfix release 3.1.5.
  * Use nasm instead of yasm.
    - Unlike yasm it is actively maintained upstream.
    - And it doesn't embed the full build path as DW_AT_comp_dir.
      (This should make ffmpeg fully reproducible.)
  * Drop patches, fixed differently upstream:
    - disable-opj-static.patch
    - libopenjpegenc-recreate-image-data-buffer.patch
  * Add patches from upstream:
     - doc-fix-spelling-errors.patch (Closes: #839542)
     - faq-use-relative-links-to-own-documentation.patch (Closes: #841501)
     - ffmpeg_opt-Suggest-to-use-file-.-if-a-protocol-was-not-fo.patch
       (Closes: #785690)
     - lavf-mp3enc-write-encoder-delay-padding-upon-closing.patch
       (Closes: #797965)
     - tests-checkasm-pixblockdsp-Test-8-byte-aligned-positions.patch
       (LP: #1612058)
  * Use debhelper compat 10.
     - Parallel building is now the default.
  * Revert: Enable all hardening options except pie.
     - It doesn't have any effect, anyway.
     - PIE is now the default.
  * Adapt lintian overrides to PIE by default.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 22 Oct 2016 22:33:02 +0200

ffmpeg (7:3.1.4-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * Disable librtmp support, because the built-in RTMP support is better.

  [ Andreas Cadhalpun ]
  * Import new upstream bugfix release 3.1.4.
     - Fixes CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555,
       CVE-2016-7562, CVE-2016-7785 and CVE-2016-7905. (Closes: #840434)
  * Fix typos.
  * Replace libopencv-dev build-dependency with libopencv-imgproc-dev.
  * Improve build-time optimization for libavfilter-extra.
  * Mention sofalizer in libavfilter-extra6 description.
  * Remove redundant nocheck test.
  * Add libopenjpegenc-recreate-image-data-buffer.patch to fix autopkg
    test crashes.
  * Let the encdec test print the command before executing it.
  * Update encdec*_list.txt.
  * Re-enable the libopenjpeg decoder.
  * Enable libzmq on hurd, as it is now available there.
  * Use 'set -e' to abort build on configure failure.
  * Only set CC/CXX if they differ from the default.
  * Set configure options for cross-building.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 11 Oct 2016 21:17:10 +0200

ffmpeg (7:3.1.3-2) unstable; urgency=medium

  * Team upload.

  [ Balint Reczey ]
  * Enable OCR using Tesseract in libavfilter-extra* (Closes: 822555)

  [ Sebastian Ramacher ]
  * debian/libavcodec*.lintian-overrides: Remove unused lintian override.
  * debian/rules:
    - Enable all hardening options except pie.
    - Apply the same optimization for libavfilter extra flavor.
  * debian/{control,rules}: Build libavfilter extra flavor with --enable-netcdf.

 -- Sebastian Ramacher <sramacher@debian.org>  Wed, 28 Sep 2016 21:42:19 +0200

ffmpeg (7:3.1.3-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/{rules,*.symbols}: Remove symbol files and generate tighter
    dependencies using a dh_makeshlibs override. (Closes: #835645)
  * debian/copyright: Fix dep5-copyright-license-name-not-unique.

 -- Sebastian Ramacher <sramacher@debian.org>  Sun, 28 Aug 2016 12:12:44 +0200

ffmpeg (7:3.1.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches:
    - fix-vaapi-default-values.patch: Removed, applied upstream.
    - Revert-configure-Enable-GCC-vectorization-on-4.9-on-.patch: Removed,
      included upstream.

 -- Sebastian Ramacher <sramacher@debian.org>  Wed, 10 Aug 2016 20:42:29 +0200

ffmpeg (7:3.1.1-4) unstable; urgency=high

  * debian/control:
    - Remove obsolete Conflicts.
    - Remove obsolete Breaks against dmo packages.
  * debian/patches/fix-vaapi-default-values.patch: Use local independent
    default values. Thanks to Carl Eugen Hoyos. (Closes: #831529)

 -- Sebastian Ramacher <sramacher@debian.org>  Wed, 03 Aug 2016 15:16:59 +0200

ffmpeg (7:3.1.1-3) unstable; urgency=medium

  [ James Clarke ]
  * debian/rules: Re-enable x264 on sparc64 as the linker has been fixed.
    (Closes: #831582)

  [ Sebastian Ramacher ]
  * debian/patches/Revert-configure-Enable-GCC-vectorization-on-4.9-on-.patch:
    Apply upstream patch to disable GCC vectorization.

 -- Sebastian Ramacher <sramacher@debian.org>  Thu, 21 Jul 2016 20:26:12 +0200

ffmpeg (7:3.1.1-2) unstable; urgency=medium

  * Team upload.

  [ Aurelien Jarno ]
  * debian/rules: Fix FTBFS on mips64el by adding --disable-mips64r6. (Closes:
    #830868)

 -- Sebastian Ramacher <sramacher@debian.org>  Tue, 12 Jul 2016 16:38:52 +0200

ffmpeg (7:3.1.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/rules:
    - Really build with opencv everywhere. (Closes: #827868)
    - Remove obsolete comments.
    - Build with --enable-libebur128.
  * debian/patches
    - lavf-mpegts-Return-small-probe-score-for-very-short-.patch: Removed,
      included upstream.
    - disable-opj-static.patch: Do not define OPJ_STATIC when building against
      openjpeg 2.1.x.
  * debian/control: Add libebur128-dev to B-D.
  * debian/copyright:
    - Add new copyright holders.
    - Update copyright years.

 -- Sebastian Ramacher <sramacher@debian.org>  Tue, 12 Jul 2016 09:37:46 +0200

ffmpeg (7:3.0.2-4) unstable; urgency=medium

  * debian/control: Switch to libopenjp2-7-dev. (Closes: #826812)

 -- Sebastian Ramacher <sramacher@debian.org>  Sat, 11 Jun 2016 11:19:42 +0200

ffmpeg (7:3.0.2-3) unstable; urgency=medium

  * Team upload.

  [ Balint Reczey ]
  * Build-depend on libx265-dev (>= 1.8)

  [ Sebastian Ramacher ]
  * debian/rules:
    - No longer disable i686 optimization on i386 based architectures.
    - Disable mips32r6 for all mips architectures.
  * debian/copyright: Remove an extra 'with'.

 -- Sebastian Ramacher <sramacher@debian.org>  Wed, 01 Jun 2016 20:43:32 +0200

ffmpeg (7:3.0.2-2) unstable; urgency=medium

  * Team upload.
  * debian/rules: Build with --disable-mips32r6 on mips(el) to fix FTBFS
    there.

 -- Sebastian Ramacher <sramacher@debian.org>  Fri, 13 May 2016 16:49:23 +0200

ffmpeg (7:3.0.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release (Closes: #823633).
  * debian/patches/lavf-mpegts-Return-small-probe-score-for-very-short-.patch:
    Upstream patch to fix regression in aac in mpegts. (Closes: #823098)

 -- Sebastian Ramacher <sramacher@debian.org>  Sun, 08 May 2016 19:53:57 +0200

ffmpeg (7:3.0.1-3) unstable; urgency=medium

  * Team upload.
  * Upload to unstable.

 -- Sebastian Ramacher <sramacher@debian.org>  Sun, 17 Apr 2016 19:24:37 +0200

ffmpeg (7:3.0.1-2) experimental; urgency=medium

  * debian/control: Let libavcodec-extra depend on an existing package.

 -- Sebastian Ramacher <sramacher@debian.org>  Mon, 11 Apr 2016 20:26:41 +0200

ffmpeg (7:3.0.1-1) experimental; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/*.install.powerpc: Remove extra -ffmpeg from filenames.
  * debian/control: Bump Standards-Version.

 -- Sebastian Ramacher <sramacher@debian.org>  Mon, 11 Apr 2016 17:51:27 +0200

ffmpeg (7:3.0-1) experimental; urgency=medium

  * Team upload.
  * New upstream release.
  * SONAME bump and no longer add -ffmpeg to SONAMES.
  * debian/{rules,control}: Use automatic debug symbol packages.
  * debian/patches/{build-make-out-of-tree-builds-bit-identical-to-in-tr,
    doc-make-apidoc-output-independent-of-SRC_PATH}.patch: Removed, included
    upstream.
  * debian/missing-sources/ffmpeg-web/src/less/style.less: Update from GitHub.
  * debian/copyright: Update copyright years and add new copyright holders.
  * debian/rules:
    - Honor nocheck.
    - Simplify CPU check.
    - No longer build with --enable-libvo_aacenc.
    - Update use of --disable-mipsdspr1.
    - Build with --enable-chromaprint and --enable-librubberband.
    - Do not run tests for -indep builds.
    - Always fail loop on error.
  * debian/control:
    - Update Vcs-Git.
    - New Build-Depends: libchromaprint-dev, librubberband-dev.
    - Removed Build-Depends: libvo-aacenc-dev.
    - Update Description.

 -- Sebastian Ramacher <sramacher@debian.org>  Tue, 08 Mar 2016 01:58:44 +0100

ffmpeg (7:2.8.6-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.8.6.
  * Update Standards-Version to 3.9.7.
     - Move documentatation from /u/s/d/ffmpeg-doc/ to /u/s/d/ffmpeg/.
  * Use https for the Vcs-Git link.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 02 Feb 2016 23:46:23 +0100

ffmpeg (7:2.8.5-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.8.5.
     - Fixes CVE-2016-1897 and CVE-2016-1898.
  * Update doc-make-apidoc-output-independent-of-SRC_PATH.patch.
  * Add patch to make out-of-tree builds bit-identical to in-tree-builds.
  * Enable the now available opencv and frei0r on mips64el.
  * Fix altivec-extra compile time optimization.
  * Update copyright year for the debian files.
  * Change priority of libavcodec*-extra* to extra.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Fri, 15 Jan 2016 20:23:56 +0100

ffmpeg (7:2.8.4-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.8.4.
  * Change section of libavcodec-extra from libs to metapackages.
  * Re-enable libsoxr as glibc bug #793641 is now fixed in testing.
  * Add patch to make apidoc output independent of SRC_PATH.
  * Also build standard flavor in a subdirectory. (Closes: #804284)

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 20 Dec 2015 23:12:56 +0100

ffmpeg (7:2.8.3-1) unstable; urgency=medium

  * Switch debian/watch to xz instead of gz.
  * Import new upstream bugfix release 2.8.3.
    Fixes CVE-2015-8363, CVE-2015-8364 and CVE-2015-8365. (Closes: #806519)
  * Respect CC and CXX from the environment in debian/rules.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 28 Nov 2015 11:39:49 +0100

ffmpeg (7:2.8.2-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.8.2.
     - videodsp: don't overread edges in vfix3 emu_edge. (Closes: #801745)
  * Drop avcodec-vp8-Do-not-use-num_coeff_partitions-in-thread.patch
    included upstream.
  * Use system bootstrap for ffmpeg-doc.
  * Remove now unused bootstrap sources.
  * Add build-profile support for stage1, disabling frei0r, opencv and x264.
  * Drop now unnecessary embedded-library lintian-overrides.
  * Re-enable libdc1394 on sparc64, as libudev is working again.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 12 Nov 2015 23:58:49 +0100

ffmpeg (7:2.8.1-1) unstable; urgency=medium

  [ Balint Reczey ]
  * Add myself to uploaders.

  [ Andreas Cadhalpun ]
  * Import new upstream bugfix release 2.8.1.
  * Remove hls-only-seek-if-there-is-an-offset.patch included upstream.
  * Add avcodec-vp8-Do-not-use-num_coeff_partitions-in-thread.patch to
    fix CVE-2015-6761.
  * Enable x264 on mips64el and opencv on alpha.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 15 Oct 2015 00:26:09 +0200

ffmpeg (7:2.8-1) unstable; urgency=medium

  [ Fabian Greffrath ]
  * Pass the --dbg-package=ffmpeg-dbg parameter only to dh_strip.
  * Add alternative Depends: libavcodec-ffmpeg-extra56 to libavcodec-dev and
    ffmpeg-dbg to allow for building and debugging with this library installed.

  [ Andreas Cadhalpun ]
  * Import new major upstream release 2.8.
  * Remove the transitional lib*-ffmpeg-dev packages.
  * Drop old Breaks on kodi-bin.
  * Drop workaround for sparc, which is no Debian architecture anymore.
  * Re-enable x265 on alpha, as it's available again.
  * Disable unavailable frei0r, opencv and x264 on mips64el.
  * Disable libopenjpeg (#787275) and libschroedinger (#787957) decoders.
    (Closes: #786670)
  * Disable libdc1394 on sparc64, because it links against the broken due to
    #790560 libudev1.
  * Enable libsnappy support.
  * Add new symbols.
  * Update debian/copyright.
  * Update debian/tests/encdec_list.txt.
  * Add hls-only-seek-if-there-is-an-offset.patch. (Closes: #798189)
  * Add 'Breaks: libavutil-ffmpeg54 (>= 8:0)' to the libraries.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 22 Sep 2015 15:15:20 +0200

ffmpeg (7:2.7.2-2) unstable; urgency=medium

  [ Reinhard Tartler ]
  * Tighten breaks/replaces on libav-tools. (Closes: #793085)
  * Take over the libav-tools package.

  [ Andreas Cadhalpun ]
  * Rename d/libav-tools-links.links to d/libav-tools.links.
  * Disable libsoxr support to workaround glibc bug #793641.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Mon, 17 Aug 2015 22:45:02 +0200

ffmpeg (7:2.7.2-1) unstable; urgency=medium

  [ Reinhard Tartler ]
  * Add myself to uploaders.
  * Merge qt-faststart back into 'ffmpeg'.

  [ Andreas Cadhalpun ]
  * Upload to unstable.
  * Import new upstream bugfix release 2.7.2.
     - Make -xerror with multi-threading more robust. (Closes: #780344)
  * Enable frei0r, opencv, x264, x265 on x32 and x265 on sparc64.
  * Disable x264 on sparc64 due to #792921.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Mon, 20 Jul 2015 10:23:49 +0200

ffmpeg (7:2.7.1-2) experimental; urgency=medium

  [ Andreas Cadhalpun ]
  * Build libavcodec-extra flavor.
  * Add encdec-extra autopkgtest for the libavcodec-extra flavor.
  * Add lib*-dev and libav-tools-links packages.
  * Drop README.Debian.
  * Remove bogus apng-ffm autopkg test.
  * Explicitly build-depend on liblzma-dev used by the tiff decoder.
  * Use the pkg-multimedia repository for the Vcs links.
  * Use the plain lib*-dev packages for the test dependencies.
  * Disable libssh on sparc due to #790067.
  * Remove temporary gdb dependency on sparc64.
  * Enable openal on sparc64.

  [ Carl Eugen Hoyos ]
  * Disable x265 on alpha due to #789807.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 09 Jul 2015 23:42:42 +0200

ffmpeg (7:2.7.1-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.7.1.
  * Use DEB_LDFLAGS_MAINT_STRIP for removing the Bsymbolic-functions flag.
  * Use lissh-gcrypt-dev to avoid linking against libssl.
  * Disable DH_VERBOSE in debian/rules.
  * Add libavresample-ffmpeg2 and qt-faststart dependencies to ffmpeg-dbg.
  * Enable opencv and zvbi on m68k, disable opencv on alpha.
  * Remove unused, optional and private avpriv_emms_yasm from symbols file.
  * Build an altivec flavor on powerpc.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 21 Jun 2015 23:38:07 +0200

ffmpeg (7:2.7-1) unstable; urgency=medium

  * Import new major upstream release 2.7.
     - Suggest new mpeg4_unpack_bframes bitstream filter instead of
       VirtualDub/Avidemux. (Closes: #781510)
  * Add new symbols.
  * Change maintainer to the pkg-multimedia team and move myself to uploaders.
  * Let ffmpeg suggest ffmpeg-doc.
  * Fix encdec autopkgtest to not fail, when skipping tests.
  * Restrict shlib-with-non-pic-code lintian override to i386.
    Thanks to Jakub Wilk for the hint.
  * Use '-strict -2' in the encdec autopkgtest also for probing/decoding.
  * Disable loongson3 optimizations on mips, because they are not always
    available.
  * Update debian/copyright.
  * Update debian/tests/encdec_list.txt.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 11 Jun 2015 00:47:35 +0200

ffmpeg (7:2.6.3-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.6.3.
  * Don't install the pc-uninstalled directory.
    It is only useful in the source.
  * Use 'set -e' in the autopkgtests.
  * Explicitly build-depend on pkg-config.
  * Enable gnutls and librtmp on sparc64, libvpx and libsdl on x32 and
    opencv on powerpcspe, since they are now available.
  * Disable i686 optimizations on (hurd-)i386, because i586 is still
    supported.
  * Temporarily use gdb in sparc64 builds to investigate test failures.
  * Re-enable assembler optimizations on ppc64el, since they are
    finally really fixed.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 17 May 2015 22:03:38 +0200

ffmpeg (7:2.6.2-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.6.2.
  * Drop build-dependency on bc, the tests use awk since 2.6.
  * Drop override_dh_strip in debian/rules, because binutils is now built
    with --enable-deterministic-archives.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 12 Apr 2015 22:51:20 +0200

ffmpeg (7:2.6.1-1) unstable; urgency=medium

  * Import new major upstream release 2.6.1.
  * Add Breaks and Replaces on libav-tools (<< 6:9~), which shipped ff*
    symlinks. Thanks to Andreas Beckmann. (Closes: #779664)
  * Adapt debian/rules to changes in the configure script:
     - Don't explicitly set shlibdir as it now defaults to libdir.
     - Drop --disable-mips32r2, which has no effect anymore.
     - Don't add --disable-mipsfpu on mips64(el) as it should work there.
  * Enable libx265-dev on sparc, m68k and sh4, where it is now available.
  * Update debian/missing-sources.
  * Drop patches included upstream:
     - configure-use-ar-and-ranlib-in-deterministic-mode-if.patch
     - stop-embedding-the-build-date.patch
  * Add new symbols to debian/*.symbols.
  * Add autopkgtests:
     - examples: compile the example programs
     - encdec: test creating/reading files for many codec/format combinations
  * Update debian/copyright.
  * Add Breaks on kodi-bin (<= 14.0+dfsg1-1), because it uses internal FFmpeg
    API, which was changed incompatibly.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Mon, 16 Mar 2015 23:53:34 +0100

ffmpeg (7:2.5.4-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.5.4.
  * Drop configure-enable-vsx-together-with-altivec-for-ppc64el.patch
    included upstream.
  * Add patches making the build binary reproducible.
  * Stop using faketime.
  * Correctly handle noopt in DEB_BUILD_OPTIONS.
  * Disable assembler optimizations on ppc64el, as they don't work yet.
  * Disable assembler optimizations on mips64(el), as they don't work yet.
    Thanks to James Cowgill. (Closes: #776649)
  * Fix dep5-copyright-license-name-not-unique lintian warnings.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 14 Feb 2015 23:14:52 +0100

ffmpeg (7:2.5.3-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.5.3.
  * Add new av_*_ffversion symbols to the symbols files.
  * Let the test suite continue after the first error.
  * Update copyright year for debian packaging.
  * Re-enable assembler optimizations on armel.
  * Enable x265 on powerpcspe, as it's now available there.
  * Add configure-enable-vsx-together-with-altivec-for-ppc64el.patch to fix
    test failures on ppc64el.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 10 Jan 2015 11:36:54 +0100

ffmpeg (7:2.5.1-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.5.1.
  * Enable assembler optimizations on ppc64el. They should work now.
  * Enable rtmp on powerpcspe, x265 on hppa and zvbi on hurd and kfreebsd,
    as they are now available there.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 16 Dec 2014 01:20:40 +0100

ffmpeg (7:2.5-1) unstable; urgency=medium

  * Import new major upstream release 2.5.
  * Update debian/copyright.
  * Add new symbols to the symbols files.
  * Disable rtmp on powerpcspe and sparc64 as librtmp-dev is currently
    uninstallable there.
  * Disable opencv on powerpcspe, as it is currently uninstallable.
  * Enable x265 on mips, mipsel and powerpc, as it's now available there.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 06 Dec 2014 14:07:28 +0100

ffmpeg (7:2.4.4-1) unstable; urgency=medium

  * New upstream bugfix release 2.4.4.
  * Drop fix-hppa-tests.patch included upstream.
  * Do not enable gnutls on sparc64 and libzvbi on m68k, because they are
    not available there. Thanks to Carl Eugen Hoyos.
  * Do not enable libsdl and libvpx on x32, because they are not available.
  * Add explicit build-dependencies on libfontconfig1-dev, libfreetype6-dev,
    libgl1-mesa-dev, libpulse-dev and libxext-dev.
  * Add build-dependency on libx265-dev on the architectures, where it is
    already available.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Wed, 03 Dec 2014 00:29:36 +0100

ffmpeg (7:2.4.3-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.4.3.
     - Refresh Change-symbol-versioning.patch.
     - Add new symbols to the libavdevice symbols file.
  * Enable libbs2b on arm64, since it is now available.
  * Disable frei0r and libx264 on x32, libsoxr and openal on sparc64
    and libopencv on m68k, sh4, sparc64 and x32, because they are not
    (yet) avialable there.
  * Disable assembler optimizations on x32, as they wouldn't work there.
  * Include config.log in the build-log, when compiling fails.
  * Add fix-hppa-tests.patch to work around a gcc bug on hppa.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Wed, 05 Nov 2014 01:18:23 +0100

ffmpeg (7:2.4.2-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.4.2.
  * Drop tests_Cat-err-file-in-case-of-error.patch included upstream.
  * Disable assembler optimizations on armel to fix the tests.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Mon, 06 Oct 2014 21:13:39 +0200

ffmpeg (7:2.4.1-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.4.1.
  * Drop patches included upstream:
     - avcodec-x86-vp9lpf_Always-include-x86util.asm.patch
     - fix-build-when-AV_READ_TIME-is-unavailable.patch
     - vf_deshake-rename-Transform.vector-to-Transform.vec.patch
  * Disable Altivec on powerpc to fix test failures.
  * Cherry-pick tests_Cat-err-file-in-case-of-error.patch to ease debugging
    of test failures.
  * Add Breaks and Replaces on old ffmpeg packages to qt-faststart.
  * Disable optimizations on mips(el) to fix test failures.
  * Don't enable libbs2b on arm64, because it is not (yet) available there.
  * Disable assembler optimizations on ppc64el to (hopefully) fix the tests.
  * Upload to unstable.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Fri, 26 Sep 2014 21:58:10 +0200

ffmpeg (7:2.4-2) experimental; urgency=medium

  * Cherrypick patches from upstream:
     - fix-build-when-AV_READ_TIME-is-unavailable.patch:
       This fixes building on armel, mipsel and s390x.
     - vf_deshake-rename-Transform.vector-to-Transform.vec.patch:
       This fixes building on powerpc and ppc64el.
     - avcodec-x86-vp9lpf_Always-include-x86util.asm.patch:
       This fixes the executable stack lintian warning for libavcodec on i386.
  * Add lintian overrides for shlib-with-non-pic-code on i386, where non-PIC
    code is allowed.
  * Don't enable opencl, because it is considered experimental.
  * Bump policy to 3.9.6 (no changes required).
  * Mark ffmpeg-doc as Multi-Arch: foreign.
  * Install the headers in the triplet subdirectory of /usr/include.
    This is necessary, because some headers (e.g. libavutil/avconfig.h)
    are architecture-dependant.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 18 Sep 2014 21:54:12 +0200

ffmpeg (7:2.4-1) experimental; urgency=medium

  * Import new major upstream release 2.4. (Closes: #729203)
     - Fixes CVE-2014-5271: proresenc_ks: fix buffer overflow
     - Fixes CVE-2014-5272: iff: fix out of array access
     - The non-free image tests/lena.pnm is not shipped anymore.
  * Switch Vcs-Browser to the cgit interface.
  * In the development packages add symbolic links from the standard lib*.so
    library names to the suffixed ones.
    This makes it possible to use the normal linker flags, e.g. '-lavcodec',
    to link against the FFmpeg libraries with '-ffmpeg' suffix.
  * Add missing copyright holders/years to debian/copyright.
  * Fix wildcard-matches-nothing-in-dep5-copyright lintian warnings.
  * Add qt-faststart to the Recommends: of the ffmpeg binary package.
  * Configure with --enable-libshine, since libshine >= 3.0.0 is now available
    in Debian.
  * Drop pkg-config_file_without_build_suffix.patch and instead create symlinks
    from the lib*.pc files to the suffixed lib*-ffmpeg.pc files.
  * Install similar symlinks for the static libraries.
  * Don't hardcode default.css as CSS filename in debian/ffmpeg-doc.install.
  * Drop patches included upstream:
     - makeinfo.patch
     - Fix-spelling.patch
  * Update Change-symbol-versioning.patch.
  * Adapt the packaging to the changed library soversions.
  * Generalize ffmpeg.lintian-overrides with wildcards.
  * Add debian/missing-sources with the sources of the minified CSS files in
    the upstream tarball.
  * Create the minified CSS files during package build instead of using the
    ones shipped in the tarball.
    For this add cleancss and node-less to Build-Depends-Indep.
  * Update debian/copyright.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 14 Sep 2014 23:53:23 +0200

ffmpeg (7:2.3.1-1) experimental; urgency=medium

  * Import new upstream release 2.3.1. (Closes: #729203)
     - Fix integer overflow in LZO code. (CVE-2014-4610)
  * Fix FTBFS in Ubuntu caused by the -Bsymbolic-functions linker flag.
    Thanks to Guillaume Martres for pointing out the fix that Fabian Greffrath
    created for the Libav package.
  * Don't ignore test failures anymore, since gcc-4.9 has been fixed to
    compile FFmpeg correctly. (see #746944)
  * Enable libdc1394 only on linux. This fixes FTBFS on !linux-any.
  * Use wildcards instead of multiarch paths and sonames in lintian
    overrides.
  * Fix building on hurd (patch included upstream in 2.2.3).
  * Improve the description of the debug package.
  * Drop fix-tests.patch. Instead export the LD_LIBRARY_PATH in debian/rules.
  * Improve the comment in debian/copyright, explaining the effective license
    of the binary packages.
  * Change 'Comments:' to the correct 'Comment:' in debian/copyright.
  * Add some missing files to debian/copyright.
  * Call the upstream Makefile from debian/rules to build the apidoc
    instead of calling the doxy-wrapper directly.
  * Add _FFMPEG to the symbol versions of the libraries to ensure that there
    is no confusion, if a binary is linked against FFmpeg and another shared
    library, which is linked against Libav.
  * Update patches to apply cleanly to 2.3.
  * Add new symbols to the .symbols files.
  * Update lintian overrides.
  * Include config.log in the build-log, when configure fails.
  * Add libgnutls28-dev build-dependency, which was previously pulled in as
    a dependency of another build-dependency.
  * Install the release notes into /usr/share/doc/ffmpeg.
  * Add build-dependencies and enable in debian/rules:
     - libbs2b
     - libfribidi
  * Update debian/copyright.
  * Update the dependencies of the *-dev packages.
  * Use packaged libjs-jquery instead of the jquery created by doxygen.
  * Add Fix-spelling patch to fix spelling errors.
  * Mark architecture-dependent symbols as optional.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 09 Aug 2014 14:00:38 +0200

ffmpeg (7:2.2.1-1) experimental; urgency=medium

  * Reintroduce FFmpeg to Debian. (Closes: #729203)
    There are far to many changes since FFmpeg 0.5 to mention them here, see:
        https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n2.2.1
    Many security issues have been fixed as well, see:
        https://ffmpeg.org/security.html
    Among them are:
     - 0.5: CVE-2008-4610
     - 0.10: CVE-2011-3941, CVE-2011-3944, CVE-2011-3934, CVE-2011-3946
     - 0.11: CVE-2012-5359, CVE-2012-5360, CVE-2012-5361
     - 1.1: CVE-2012-6618, CVE-2013-0844, CVE-2013-0846, CVE-2013-0848,
            CVE-2013-0849, CVE-2013-0850, CVE-2013-0854, CVE-2013-0856,
            CVE-2013-0858
     - 1.1.1: CVE-2013-0860
     - 1.1.2: CVE-2013-0865, CVE-2013-0867, CVE-2013-0868, CVE-2013-0869
     - 1.1.3: CVE-2013-0873, CVE-2013-2277
     - 1.2: CVE-2012-5150, CVE-2013-0894, CVE-2013-2495, CVE-2013-2496
     - 2.0: CVE-2013-3670, CVE-2013-3672
     - 2.1: CVE-2013-7009, CVE-2013-7010, CVE-2013-7011, CVE-2013-7015,
            CVE-2013-7020
     - 2.1.4: CVE-2014-2263

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Wed, 07 May 2014 16:40:18 +0200
