[Git][security-tracker-team/security-tracker][master] ffmpeg triage

Moritz Muehlenhoff Thu, 12 Jul 2018 03:09:50 -0700

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4926adec by Moritz Muehlenhoff at 2018-07-12T12:08:59+02:00
ffmpeg triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10355,7 +10355,7 @@ CVE-2018-9842 (CyberArk Password Vault before 9.7 
allows remote attackers to obt
        NOT-FOR-US: CyberArk Password Vault
 CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg 
through ...)
        - ffmpeg 7:3.4.3-1 (low)
-       [stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x 
release)
+       [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        - libav <not-affected> (Vulnerable code not present)
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
 CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows 
physically ...)
@@ -15459,7 +15459,7 @@ CVE-2018-7754
        RESERVED
 CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg 
through 3.4.2 ...)
        - ffmpeg 7:3.4.3-1
-       [stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
+       [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        - libav <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
 CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko 
before ...)
@@ -16182,9 +16182,9 @@ CVE-2018-7558
        RESERVED
 CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 
through ...)
        - ffmpeg 7:3.4.3-1
-       [stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
        - libav <removed>
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
+       NOTE: Fixed in 3.2.11
 CVE-2018-7556 (LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x 
before ...)
        - limesurvey <itp> (bug #472802)
 CVE-2018-7555
@@ -19154,9 +19154,9 @@ CVE-2018-6622
        RESERVED
 CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg 
through ...)
        - ffmpeg 7:3.4.2-1 (low)
-       [stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
        - libav <undetermined>
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
+       NOTE: Fixed in 3.2.11
 CVE-2018-6620
        REJECTED
        NOT-FOR-US: Odoo



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4926adecd1c2dedf78ac1e584ffb81791e0ea2b2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4926adecd1c2dedf78ac1e584ffb81791e0ea2b2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] ffmpeg triage

Reply via email to