[Secure-testing-commits] r16024 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Feb 1 05:05:48 UTC 2011
Author: gilbert-guest
Date: 2011-02-01 05:05:46 +0000 (Tue, 01 Feb 2011)
New Revision: 16024
Modified:
data/CVE/list
Log:
info on ffmpeg issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-02-01 04:21:15 UTC (rev 16023)
+++ data/CVE/list 2011-02-01 05:05:46 UTC (rev 16024)
@@ -109,11 +109,13 @@
[lenny] - pam <no-dsa> (Minor issue)
[squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in ...)
- - ffmpeg <unfixed> (bug #611495)
- - ffmpeg-debian <removed>
+ - ffmpeg <not-affected> (issue introduced in 0.6.x series; bug #611495)
+ - ffmpeg-debian <not-affected> (issue introduced in 0.6.x series)
+ NOTE: recheck when 0.6.x gets uploaded
CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and ...)
- - ffmpeg <unfixed> (bug #611495)
- - ffmpeg-debian <removed>
+ - ffmpeg <unfixed> (low; bug #611495)
+ - ffmpeg-debian <removed> (low)
+ NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency)
CVE-2010-XXXX
- redmine 1.0.5-1 (bug #608397)
NOTE: http://www.redmine.org/news/49
More information about the Secure-testing-commits
mailing list