[Secure-testing-commits] r37976 - in data: . CVE

Sun, 29 Nov 2015 16:41:13 -0800 

Author: benh
Date: 2015-11-30 00:40:10 +0000 (Mon, 30 Nov 2015)
New Revision: 37976

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for squeeze

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-11-29 22:42:31 UTC (rev 37975)
+++ data/CVE/list       2015-11-30 00:40:10 UTC (rev 37976)
@@ -6,14 +6,17 @@
        RESERVED
 CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in 
FFmpeg ...)
        - ffmpeg 7:2.8.3-1 (bug #806519)
+       [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
        - libav <undetermined>
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
 CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in ...)
        - ffmpeg 7:2.8.3-1 (bug #806519)
+       [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
        - libav <undetermined>
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
 CVE-2015-8363 (The jpeg2000_read_main_headers function in 
libavcodec/jpeg2000dec.c in ...)
        - ffmpeg 7:2.8.3-1 (bug #806519)
+       [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
        - libav <undetermined>
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
 CVE-2015-8362
@@ -5221,6 +5224,10 @@
        RESERVED
        [experimental] - srtp 1.5.3~dfsg-1
        - srtp <unfixed>
+       NOTE: 
https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
+       NOTE: 
https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
+       NOTE: 
https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
+       NOTE: 
https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
        TODO: check details
 CVE-2015-6359
        RESERVED
@@ -10238,7 +10245,7 @@
        - iceweasel 38.4.0esr-1
        [squeeze] - iceweasel <end-of-life>
        - icedove 38.4.0-1
-       [squeeze] - iceweasel <end-of-life>
+       [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
 CVE-2015-4512 (gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on 
Linux ...)
        - iceweasel <not-affected> (Affects only 40.x)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-11-29 22:42:31 UTC (rev 37975)
+++ data/dla-needed.txt 2015-11-30 00:40:10 UTC (rev 37976)
@@ -42,6 +42,8 @@
 squid
   NOTE: CVE-2015-5400: Fix is hard to backport, and default configuration is 
not affected
 --
+srtp
+--
 sudo (Ben Hutchings)
   NOTE: Maintainer want to review the updated package:
   https://lists.debian.org/[email protected]


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to