Hi Reinhard, On Thu, Aug 07, 2014 at 12:21:11AM +0000, Reinhard Tartler wrote: > Author: siretart > Date: 2014-08-07 00:21:11 +0000 (Thu, 07 Aug 2014) > New Revision: 28115 > > Modified: > data/CVE/list > Log: > update CVE-2013-0860 libav > > Modified: data/CVE/list > =================================================================== > --- data/CVE/list 2014-08-06 23:15:33 UTC (rev 28114) > +++ data/CVE/list 2014-08-07 00:21:11 UTC (rev 28115) > @@ -30288,10 +30288,10 @@ > NOTE: Affects the libav version in experimental > CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c > in ...) > - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks > missing) > - - libav <undetermined> > + - libav <not-affected> (Vulnerable code not present) > + [wheezy] - libav <unfixed> > NOTE: > http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe > - NOTE: libav and ffmpeg code bases have diverged too much, unclear > whether libav is affected > - NOTE: [Vittorio] looks strange, I don't think it happens with the new > code, but a second opinion is welcome > + NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
Do you know anything about the version fixing this issue? If so, we should update the entry to - libav $version_with_fix and remove the separate wheezy-tagged line. Regards and thanks for the updates on the tracker, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
