[Git][security-tracker-team/security-tracker][master] milkytracker, ffmpeg fixed

Mon, 28 Oct 2019 11:41:00 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e0893e3 by Moritz Muehlenhoff at 2019-10-28T18:40:02Z
milkytracker, ffmpeg fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3058,7 +3058,7 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer 
overflow in LZ4_write32
        NOTE: https://github.com/lz4/lz4/pull/756
        NOTE: https://github.com/lz4/lz4/pull/760
 CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in 
vqa_decode_chunk ...)
-       - ffmpeg <unfixed>
+       - ffmpeg 7:4.2.1-1
        [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x 
branch)
        [stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x 
branch)
        - libav <removed>
@@ -3086,7 +3086,7 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a 
heap-based buffer overflow in
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
 CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c 
allows a NUL ...)
-       - ffmpeg <unfixed> (low)
+       - ffmpeg 7:4.2.1-1 (low)
        [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x 
branch)
        [stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x 
branch)
        - libav <removed> (low)
@@ -11608,14 +11608,14 @@ CVE-2019-14498 (A divide-by-zero error exists in the 
Control function of demux/c
        NOTE: https://www.videolan.org/security/sb-vlc308.html
 CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in 
MilkyTr ...)
        {DLA-1961-1}
-       - milkytracker <unfixed> (bug #933964)
+       - milkytracker 1.02.00+dfsg-2 (bug #933964)
        [buster] - milkytracker <no-dsa> (Minor issue)
        [stretch] - milkytracker <no-dsa> (Minor issue)
        NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
        NOTE: 
https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
 CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 
1.02.00 ha ...)
        {DLA-1961-1}
-       - milkytracker <unfixed> (bug #933964)
+       - milkytracker 1.02.00+dfsg-2 (bug #933964)
        [buster] - milkytracker <no-dsa> (Minor issue)
        [stretch] - milkytracker <no-dsa> (Minor issue)
        NOTE: https://github.com/milkytracker/MilkyTracker/issues/183
@@ -11726,7 +11726,7 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in 
Schism Tracker 20190722 has a
        NOTE: 
https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
 CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 
1.02.00 has a  ...)
        {DLA-1961-1}
-       - milkytracker <unfixed> (bug #933964)
+       - milkytracker 1.02.00+dfsg-2 (bug #933964)
        [buster] - milkytracker <no-dsa> (Minor issue)
        [stretch] - milkytracker <no-dsa> (Minor issue)
        NOTE: https://github.com/milkytracker/MilkyTracker/issues/184



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e0893e361535d2f97c9c851e2e4e64ba319bdcb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e0893e361535d2f97c9c851e2e4e64ba319bdcb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to