[Secure-testing-commits] r32473 - data/CVE

Moritz Muehlenhoff Tue, 24 Feb 2015 13:58:12 -0800

Author: jmm
Date: 2015-02-24 21:56:39 +0000 (Tue, 24 Feb 2015)
New Revision: 32473


Modified:
   data/CVE/list
Log:
libav triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-02-24 21:10:17 UTC (rev 32472)
+++ data/CVE/list       2015-02-24 21:56:39 UTC (rev 32473)
@@ -2798,14 +2798,12 @@
        [squeeze] - ffmpeg <end-of-life>
        - libav <unfixed> (bug #775593)
        NOTE: Applies to 0.8, but in different file (utvideo.c)
-       NOTE: libav: needed
+       NOTE: libav: needed (confirmed)
        NOTE: ffmpeg: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
 CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg 
before ...)
        - ffmpeg 7:2.5.1-1
        [squeeze] - ffmpeg <end-of-life>
-       - libav <unfixed> (bug #775593)
-       NOTE: Applies to 0.8, but in different file (vmdav.c)
-       NOTE: libav: needed
+       - libav <not-affected> (Vulnerable code not present, reproducer tested 
with 8, 11 and trunk)
        NOTE: ffmpeg: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
 CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain 
digits ...)
        - ffmpeg 7:2.5.1-1
@@ -5598,8 +5596,7 @@
        RESERVED
        NOT-FOR-US: SAP Business Objects
 CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in 
FFMpeg ...)
-       - libav <unfixed> (bug #773626)
-       [wheezy] - libav <not-affected> (Vulnerable code not present)
+       - libav <not-affected> (Vulnerable code not present, reproducer tested 
with 8, 11 and trunk)
        - ffmpeg 2.4.4-1
        [squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: ffmpeg: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
@@ -5615,7 +5612,7 @@
        [squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: ffmpeg: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
 CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in 
FFMpeg ...)
-       - libav <unfixed> (bug #773626)
+       - libav <not-affected> (Vulnerable code not present, reproducer tested 
with 8, 11 and trunk)
        - ffmpeg 2.4.4-1
        [squeeze] - ffmpeg <end-of-life>
        NOTE: ffmpeg: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r32473 - data/CVE

Reply via email to