Sebastian Ramacher pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
19abeff6 by Sebastian Ramacher at 2018-07-10T22:50:43+02:00
Mark CVEs fixed by ffmpeg 3.4.3 as fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1169,7 +1169,7 @@ CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for
failure of a call to ...)
- libav <undetermined>
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78
CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than
...)
- - ffmpeg <unfixed>
+ - ffmpeg 7:3.4.3-1
- libav <undetermined>
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value
before ...)
@@ -1177,7 +1177,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check
of a profile value befor
- libav <undetermined>
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters)
passed to the ...)
- - ffmpeg <unfixed>
+ - ffmpeg 7:3.4.3-1
- libav <undetermined>
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
CVE-2018-13299
@@ -3272,7 +3272,7 @@ CVE-2018-12459 (An inconsistent bits-per-sample value in
the ...)
[stretch] - ffmpeg <postponed> (Can be fixed when new 3.2.x release
fixes it)
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c
CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header
function in ...)
- - ffmpeg <unfixed> (low)
+ - ffmpeg 7:3.4.3-1 (low)
[stretch] - ffmpeg <postponed> (Can be fixed when new 3.2.x release
fixes it)
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an
admin ...)
@@ -9711,7 +9711,7 @@ CVE-2018-10003
CVE-2018-10002
RESERVED
CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg
through ...)
- - ffmpeg <unfixed> (low)
+ - ffmpeg 7:3.4.3-1 (low)
[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x
release)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
- libav <undetermined>
@@ -10054,7 +10054,7 @@ CVE-2018-9843 (The REST API in CyberArk Password Vault
Web Access before 9.9.5 a
CVE-2018-9842 (CyberArk Password Vault before 9.7 allows remote attackers to
obtain ...)
NOT-FOR-US: CyberArk Password Vault
CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg
through ...)
- - ffmpeg <unfixed> (low)
+ - ffmpeg 7:3.4.3-1 (low)
[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x
release)
- libav <not-affected> (Vulnerable code not present)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
@@ -15157,7 +15157,7 @@ CVE-2018-7755 (An issue was discovered in the
fd_locked_ioctl function in ...)
CVE-2018-7754
RESERVED
CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg
through 3.4.2 ...)
- - ffmpeg <unfixed>
+ - ffmpeg 7:3.4.3-1
[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
- libav <not-affected> (Vulnerable code not present)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
@@ -15880,7 +15880,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET
Standard Stack and Sample
CVE-2018-7558
RESERVED
CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg
through ...)
- - ffmpeg <unfixed>
+ - ffmpeg 7:3.4.3-1
[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
- libav <removed>
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/19abeff6e91d36de91009e12791bda78c0362218
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/19abeff6e91d36de91009e12791bda78c0362218
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
