Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a18936e by Sylvain Beucler at 2019-11-23T11:03:10Z
libav: tidy updated vulnerabilities
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16694,9 +16694,9 @@ CVE-2019-14442 (In mpc8_read_header in
libavformat/mpc8.c in Libav 12.3, an inpu
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1159
CVE-2019-14441 (** DISPUTED ** An issue was discovered in Libav 12.3. An
access violat ...)
- libav <removed>
- [jessie] - libav <postponed> (no patch, ffmpeg backport fails, sent
info upstream)
+ [jessie] - libav <postponed> (cf. CVE-2018-19129)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
- NOTE: Duplicate of CVE-2019-19129
+ NOTE: Duplicate of CVE-2018-19129
CVE-2019-14440
RESERVED
CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML
jackson-databin ...)
@@ -31611,7 +31611,7 @@ CVE-2019-9720 (A stack-based buffer overflow in the
subtitle decoder in Libav 12
NOTE: "Denial of service due to quadratic call to strstr in srtdec.c"
NOTE: Using strstr is not an actual DoS
CVE-2019-9719 (** DISPUTED ** A stack-based buffer overflow in the subtitle
decoder i ...)
- - libav <undetermined>
+ - libav <unfixed> (unimportant)
NOTE: Generic low-certainty warning about snprintf usage without
rationale
CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder
allows atta ...)
{DSA-4449-1}
@@ -59169,12 +59169,12 @@ CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a
serious leak can get everyone's
NOT-FOR-US: Flarum Core
CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory
access in vc1 ...)
- libav <removed>
- [jessie] - libav <ignored> (cf. CVE-2017-17127)
+ [jessie] - libav <postponed> (cf. CVE-2017-17127)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1139
NOTE: Duplicate of CVE-2017-17127
CVE-2018-19129 (In Libav 12.3, a NULL pointer dereference (RIP points to zero)
issue i ...)
- libav <removed>
- [jessie] - libav <postponed> (cf. CVE-2019-14441)
+ [jessie] - libav <postponed> (no patch, ffmpeg backport fails, sent
info upstream)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1138
NOTE: Duplicate of CVE-2019-14441
CVE-2018-19128 (In Libav 12.3, there is a heap-based buffer over-read in
decode_frame ...)
@@ -110204,9 +110204,10 @@ CVE-2017-17128 (The h264_slice_init function in
libavcodec/h264_slice.c in Libav
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1104
CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav
12.2 all ...)
- libav <removed>
- [jessie] - libav <ignored> (Minor issue)
+ [jessie] - libav <postponed> (no patch)
[wheezy] - libav <ignored> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099
+ NOTE: Duplicate of CVE-2018-19130
CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils
2.29.1 al ...)
[experimental] - binutils 2.29.51.20171208-1
- binutils 2.29.90.20180122-1 (low)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a18936ef3f72e2bee5052f7bd803837785b8433
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a18936ef3f72e2bee5052f7bd803837785b8433
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
