Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f5d64ed1 by Sylvain Beucler at 2019-11-15T20:55:17Z
CVE-2019-9720,CVE-2019-9717/libav: unimportant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30965,7 +30965,7 @@ CVE-2019-9721 (A denial of service in the subtitle
decoder in FFmpeg 4.1 allows
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav
12.3 al ...)
- - libav <removed>
+ - libav <removed> (unimportant)
NOTE: Actual vulnerability description is (https://lgtm.com/security/):
NOTE: "Denial of service due to quadratic call to strstr in srtdec.c"
NOTE: Using strstr is not an actual DoS
@@ -30979,7 +30979,7 @@ CVE-2019-9718 (In FFmpeg 4.1, a denial of service in
the subtitle decoder allows
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-9717 (In Libav 12.3, a denial of service in the subtitle decoder
allows atta ...)
- - libav <removed>
+ - libav <removed> (unimportant)
NOTE: Non-trivial sscanf format is not an actual DoS
CVE-2019-9716
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5d64ed1625ea9efd0baf239f3813e77b9a5aba3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5d64ed1625ea9efd0baf239f3813e77b9a5aba3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
