[Git][security-tracker-team/security-tracker][master] Revert broken libav commits

Moritz Muehlenhoff Thu, 14 Nov 2019 13:24:18 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b7f192d0 by Moritz Muehlenhoff at 2019-11-14T21:22:32Z
Revert broken libav commits
- That comment has no place in the Debian Security Tracker
- Remove botched entries, re-read the Security Tracker docs before
  submitting this again

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30893,16 +30893,12 @@ CVE-2019-9721 (A denial of service in the subtitle 
decoder in FFmpeg 4.1 allows
        [jessie] - libav <not-affected> (Vulnerable code not present)
 CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 
12.3 al ...)
        - libav <removed>
-       [jessie] - libav <unfixed> (unimportant)
        NOTE: Actual vulnerability description is (https://lgtm.com/security/):
        NOTE: "Denial of service due to quadratic call to strstr in srtdec.c"
        NOTE: Using strstr is not an actual DoS
-       NOTE: Conflict of interest: mass CVE filling using code analysis tool 
sold by finder
 CVE-2019-9719 (A stack-based buffer overflow in the subtitle decoder in Libav 
12.3 al ...)
        - libav <removed>
-       [jessie] - libav <undetermined>
        NOTE: Generic low-certainty warning about snprintf usage without 
rationale
-       NOTE: Conflict of interest: mass CVE filling using code analysis tool 
sold by finder
 CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder 
allows atta ...)
        {DSA-4449-1}
        - ffmpeg 7:4.1.3-1 (low; bug #926666)
@@ -30911,9 +30907,7 @@ CVE-2019-9718 (In FFmpeg 4.1, a denial of service in 
the subtitle decoder allows
        [jessie] - libav <not-affected> (Vulnerable code not present)
 CVE-2019-9717 (In Libav 12.3, a denial of service in the subtitle decoder 
allows atta ...)
        - libav <removed>
-       [jessie] - libav <unfixed> (unimportant)
        NOTE: Non-trivial sscanf format is not an actual DoS
-       NOTE: Conflict of interest: mass CVE filling using code analysis tool 
sold by finder
 CVE-2019-9716
        RESERVED
 CVE-2019-9715



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7f192d0e371e48c1097025fd9bb6f7f9737fca7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7f192d0e371e48c1097025fd9bb6f7f9737fca7
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Revert broken libav commits

Reply via email to