Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774

Thu, 03 Jan 2013 22:05:16 -0800 

On Fri, Jan 4, 2013 at 12:19 AM, Reinhard Tartler <[email protected]> wrote:
> ---
>  CVE/list |    4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/CVE/list b/CVE/list
> index 44dabb2..106a5c4 100644
> --- a/CVE/list
> +++ b/CVE/list
> @@ -10805,6 +10805,7 @@ CVE-2012-2882 (FFmpeg, as used in Google Chrome 
> before 22.0.1229.79, does not ..
>         - libav <unfixed> (bug #694483)
>         - ffmpeg <removed>
>         NOTE: https://chromiumcodereview.appspot.com/10829204
> +       NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/
>  CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle 
> plug-ins, ...)
>         - chromium-browser 22.0.1229.94~r161065-1
>  CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows 
> remote ...)
> @@ -11043,6 +11044,7 @@ CVE-2012-2798 (Unspecified vulnerability in the 
> decode_dds1 function in ...)
>  CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function 
> in ...)
>         [squeeze] - ffmpeg <unfixed> (bug #688849)
>         - libav <unfixed> (bug #688847)
> +       NOTE: patch proposed: http://patches.libav.org/patch/32642/
Based on Justins review, the libav <unfixed> should be <unspecified>
until someone can come up with a sample.

>  CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in 
> ...)
>         [squeeze] - ffmpeg <unfixed> (bug #688849)
>         - libav 6:0.8.4-1 (bug #688847)
> @@ -11108,6 +11110,8 @@ CVE-2012-2775 (Unspecified vulnerability in the 
> read_var_block_data function in
>  CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in 
> FFmpeg ...)
>         [squeeze] - ffmpeg <unfixed> (bug #688849)
>         - libav <unfixed> (bug #688847)
> +       NOTE: 
> http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
> +       NOTE: patch proposed: http://patches.libav.org/patch/32644/
Based on Ronald's review, the libav <unfixed> should be <unspecified>
until someone can come up with a sample

Do you want me to resent an updated patch, or can you change this
while applying?

-- 
regards,
    Reinhard


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: 
http://lists.debian.org/caj0cceba3y7iccbjwo8ulktcny3yxu__ik2ge5osvxulgum...@mail.gmail.com

Reply via email to