[Secure-testing-commits] r18038 - data/CVE doc

Michael Gilbert gilbert-guest at alioth.debian.org
Thu Jan 5 00:29:23 UTC 2012 

Author: gilbert-guest
Date: 2012-01-05 00:29:22 +0000 (Thu, 05 Jan 2012)
New Revision: 18038

Modified:
   data/CVE/list
   doc/narrative_introduction
Log:
libav mainainers indicate that individual CVEs should be submitted as separate bugs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-04 21:50:25 UTC (rev 18037)
+++ data/CVE/list	2012-01-05 00:29:22 UTC (rev 18038)
@@ -3864,7 +3864,7 @@
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)
 	- ffmpeg <removed>
-	- libav <unfixed> (bug #654534)
+	- libav <unfixed> (bug #654534; bug #654573)
 CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 ...)
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)
@@ -3872,7 +3872,7 @@
 CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV ...)
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)
-	- libav <unfixed> (bug #654534)
+	- libav <unfixed> (bug #654534; bug #654572)
 	- ffmpeg <removed>
 	[squeeze] - chromium-browser <not-affected>
 	NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554 
@@ -3882,7 +3882,7 @@
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)
 	[squeeze] - chromium-browser <not-affected>
-	- libav <unfixed> (bug #654534)
+	- libav <unfixed> (bug #654534; bug #654571)
 	- ffmpeg <removed>
 	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
 CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...)

Modified: doc/narrative_introduction
===================================================================
--- doc/narrative_introduction	2012-01-04 21:50:25 UTC (rev 18037)
+++ doc/narrative_introduction	2012-01-05 00:29:22 UTC (rev 18038)
@@ -272,6 +272,7 @@
 indicated a preference for only one issue per bug report.  The following 
 is a list of packages for which each CVE should be reported separately:
     - php5
+    - libav
 
 A special exception is made for kernel related issues. The kernel-sec group
 will take care of them. It is not necessary to file bugs in the BTS for kernel

More information about the Secure-testing-commits mailing list