[Git][security-tracker-team/security-tracker][master] ffmpeg triage

Fri, 13 Jul 2018 07:54:19 -0700 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7cc3ff43 by Moritz Muehlenhoff at 2018-07-13T16:53:25+02:00
ffmpeg triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18431,7 +18431,7 @@ CVE-2018-6913 (Heap-based buffer overflow in the pack 
function in Perl before 5.
        NOTE: maint-5.24: 
https://perl5.git.perl.org/perl.git/commitdiff/a9d5c6e11891b48be06d4e06eeed18642bc98527
 CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg 
through ...)
        - ffmpeg <unfixed> (low)
-       [stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
+       [stretch] - ffmpeg <not-affected> (Code in 3.2 is different/not 
affected)
        - libav <undetermined>
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
 CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech 
WebAccess ...)
@@ -20036,11 +20036,12 @@ CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit 
and 14.0.1.24 ...)
        NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in 
FFmpeg ...)
        - ffmpeg 7:3.4.2-1
-       [stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
        - libav <undetermined>
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
        NOTE: Needs as well: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
        NOTE: fixing a (functional) regression introduced by the original fix.
+       NOTE: Fixed in 3.2.11, the commit in the 3.2 branch 
(c4ba170cad2ccdd896ea6fd3a890980008606541)
+       NOTE: has the regression fix squashed in
 CVE-2018-6391 (A cross-site request forgery web vulnerability has been 
discovered on ...)
        NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 
10.1.0.7106 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7cc3ff43aab0272e637f7f075b101adc226c6ef7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7cc3ff43aab0272e637f7f075b101adc226c6ef7
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to