<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Markus Koschany pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/6dcb422fd985ba7721fedf879269af65564ecec6">6dcb422f</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:00Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-5766,libav: Remove ignored tag.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6fb5473340f5e72b6c1656d98a5f8b4d229b431">f6fb5473</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:00Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-5684,libav: Jessie is not affected

The vulnerable code in function ff_mov_read_stsd_entries is not present.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0677736521d3e8670163a63ca0ab773668536ec">a0677736</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:01Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-20001,libav: no-dsa for Jessie

The floating point exception cannot be observed on Jessie, with or without

ASAN. The possibly vulnerable function is present hence mark the issue as

no-dsa (low priority) for now. The POC triggers the following message:

Could not find codec parameters (Audio: ape, mono, u8p)

This might indicate that some code to exploit this issue is missing.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee4c45661b0b716658cc070d29d1156366444bbc">ee4c4566</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:02Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-1999015,libav: Jessie is not affected.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbc1fc68f286dd85cf4f3266a3e3474adee7de35">bbc1fc68</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:02Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-1999014,libav: Jessie is not affected

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb2677392277f4446ca31d1ce7a7cfa423596d9b">eb267739</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:03Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-1999013,libav: Jessie is not affected

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/c29b1ffe512ab40b37c963cd630b07e92a3701a0">c29b1ffe</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:04Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-1999012,libav: Jessie is affected.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac1e3198cdd9b93b65c172f3ca4ff6a89dfcf430">ac1e3198</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:04Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-1999011,libav: Jessie is not affected.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/b66dfc5b745e30972a4c2fe606835ec7d6c94872">b66dfc5b</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-11T14:15:05Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-1999010,libav: Jessie is affected.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/0927dab5ed33774b6ade6c6a022c2ce1166bead5...b66dfc5b745e30972a4c2fe606835ec7d6c94872#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/0927dab5ed33774b6ade6c6a022c2ce1166bead5...b66dfc5b745e30972a4c2fe606835ec7d6c94872">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

</p>

</div>

</body>

</html>