<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Markus Koschany pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/04e22df4320d9bb97d8ed7885753975d663da2a7">04e22df4</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:42Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-9994,libav: Jessie is affected

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/022313875722b59049e8ed2c4bc7b8dda9728822">02231387</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:43Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-9993,libav: Jessie is partially affected.

Jessie is only partially affected. Only the second commit is relevant. HTTP

Live Streaming filename extension code is not present.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/e6327bf1656b0a4349c5d606af4e32a273bb3bd0">e6327bf1</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:43Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-9987,libav: Update NOTES.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/9410026adf29ae0ceaab68a21b462534ed350f4b">9410026a</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:44Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-7866,libav: Jessie is not affected.

The function decode_zbuf does not exist.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/f76c97e2055aaa8c9f85dc65b50ba2a1e6cc6e09">f76c97e2</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:44Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-7865,libav: Jessie is affected.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/b53b3a799e2105b843a2c75644c985e0c0f3a0ff">b53b3a79</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:45Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-15672,libav: Jessie is affected

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6db3d107a3991d3af4a7a48057b2bcadb65e7cc">d6db3d10</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:46Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-15186,libav: Jessie is not affected.

The vulnerable code was introduced later.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/2eb0f1193ec7058c3eb04b7dbcd38f208d18f37e">2eb0f119</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:46Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-14767,libav: Jessie is affected.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9bd7c9a184329b6d9bde23423773ed084db27f1">b9bd7c9a</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:47Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-14223,libav: Jessie is affected.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc39374c746c9b32977b38d348099ce937e41ce4">dc39374c</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:48Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-14222,libav: Jessie is not affected.

The read_tfra function is not present. There is another read_tfra function in

tools/ismindex.c but this one is different.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/4441bb6a8e371b8d284e80668924e130c29f5bcd">4441bb6a</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:48Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-14171,libav: Jessie is affected.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/95386bd4b2f075ee79b6e60960fe73d6fa2224ce">95386bd4</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:49Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-14170,libav: Jessie is affected.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/107e10b1a09e08c10f5257e437d99185bd7a979e">107e10b1</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:50Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-14169,libav: Jessie could be affected.

Libav in Jessie uses a different guard for item_num. Maybe the new guard is not

necessary at all. For now mark the package as vulnerable and check again later.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/54ad2bcc4c7c74b2d52f2d0648d19d4a5080f70a">54ad2bcc</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-12T21:56:50Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2017-14059,libav: Jessie is not affected.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/ff295614533d49cc56bb24edb7e2e7c467e6c069...54ad2bcc4c7c74b2d52f2d0648d19d4a5080f70a#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/ff295614533d49cc56bb24edb7e2e7c467e6c069...54ad2bcc4c7c74b2d52f2d0648d19d4a5080f70a">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

</p>

</div>

</body>

</html>