[Secure-testing-commits] r23260 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2013-08-09 07:21:45 +0000 (Fri, 09 Aug 2013)
New Revision: 23260

Modified:
   data/CVE/list
Log:
kernel issue arm64-specific, N/A for Debian
one more libav issue fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-09 07:09:45 UTC (rev 23259)
+++ data/CVE/list	2013-08-09 07:21:45 UTC (rev 23260)
@@ -1881,11 +1881,8 @@
 	NOTE: https://github.com/o2platform/DefCon_RESTing
 CVE-2013-4220 [arm64: unhandled el0 traps]
 	RESERVED
-	- linux-2.6 <removed>
-	- linux <unfixed>
-	NOTE: upstream fixes: https://git.kernel.org/linus/381cc2b9705512ee7c7f1839cbdde374625a2a9f
-	NOTE: and https://git.kernel.org/linus/9955ac47f4ba1c95ecb6092aeaefb40a22e99268
-	TODO: check
+	- linux-2.6 <not-affected> (ARM64 not supported)
+	- linux <not-affected> (ARM64 not yet supported)
 CVE-2013-4219
 	RESERVED
 CVE-2013-4218
@@ -10831,12 +10828,9 @@
 CVE-2013-0853 [libavcodec/wavpack.c out of array access]
 	RESERVED
 	- ffmpeg <removed>
-	- libav <unfixed> (bug #717009)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
-	NOTE: Could be fixed by one of the three following commits. Check with upstream:
-	NOTE: http://git.libav.org/?p=libav.git;a=commit;h=fd06291239c1bb616bf303b5696cc432710b2530
-	NOTE: http://git.libav.org/?p=libav.git;a=commit;h=3f0b6d7a6248a33df37b98cfcb37a1acce263f62
-	NOTE: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
+	- libav 6:0.8.8-1 (bug #717009)
+	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
+	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
 CVE-2013-0852 [libavcodec/pgssubdec.c out of array accesses]
 	RESERVED
 	- ffmpeg <not-affected> (PGS subtitle decoder not present)