[Secure-testing-commits] r23313 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Aug 14 05:59:25 UTC 2013
Author: jmm
Date: 2013-08-14 05:59:25 +0000 (Wed, 14 Aug 2013)
New Revision: 23313
Modified:
data/CVE/list
Log:
fixes in libav (0.9 was uploaded to unstable)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-14 05:37:28 UTC (rev 23312)
+++ data/CVE/list 2013-08-14 05:59:25 UTC (rev 23313)
@@ -3342,27 +3342,21 @@
CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg ...)
- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
- libav <not-affected> (Smush codec not present in libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
- libav <unfixed> (bug #717009)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942
CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d23b8462b5a4a9da78ed45c4a7a3b35d538df909
CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
- ffmpeg <removed>
- libav <unfixed> (bug #717009)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8d3c99e825317b7efda5fd12e69896b47c700303
CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7edb984dd051b6919d7d8471c70499273f31b0fa
CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git ...)
- ffmpeg <removed>
- libav <unfixed> (bug #717009)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
CVE-2013-3669
RESERVED
CVE-2013-3668
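Review bot: CVE-2013-3674, CVE-2013-3672 and CVE-2013-3670 still read `libav <unfixed> (bug #717009)`, yet their NOTE lines with the upstream ffmpeg fix commit are deleted here. Unlike the bracketed entries later in this patch, the hash is not moved anywhere else. Whoever works on #717009 for these three loses the pointer to the commit to backport. Suggest keeping the NOTE on every entry where libav is still unfixed.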
@@ -10780,31 +10774,26 @@
CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-0878 [libavcodec/targa.c out of array accesses]
+CVE-2013-0878 [libavcodec/targa.c out of array accesses: 796012af6c780b5b13ebca39a491f215515a18fe]
RESERVED
- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
- libav <not-affected> (Affected code not present in libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=796012af6c780b5b13ebca39a491f215515a18fe
-CVE-2013-0877 [libavcodec/sanm.c out of array accesses]
+CVE-2013-0877 [libavcodec/sanm.c out of array accesses: 365270aec5c2b9284230abc702b11168818f14cf]
RESERVED
- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
- libav <not-affected> (Smush codec not present in libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=365270aec5c2b9284230abc702b11168818f14cf
-CVE-2013-0876 [libavcodec/sanm.c integer overflow and out of array accesses]
+CVE-2013-0876 [libavcodec/sanm.c integer overflow and out of array accesses: 5260edee7e5bd975837696c8c8c1a80eb2fbd7c1]
RESERVED
- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
- libav <not-affected> (Smush codec not present in libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1
-CVE-2013-0875 [libavcodec/pngdec.c dont access out array elements]
+CVE-2013-0875 [libavcodec/pngdec.c dont access out array elements: 1ac0fa50eff30d413206cffa5f47f7fe6d4849b1]
RESERVED
- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
- libav <not-affected> (Affected code not present in libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1
-CVE-2013-0874 [libavcodec/tiff.c out of array accesses]
+CVE-2013-0874 [libavcodec/tiff.c out of array accesses: e1219cdaf9fb4bc8cea410e1caf802373c1bfe51]
RESERVED
- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
- libav <not-affected> (Affected code not present in libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1219cdaf9fb4bc8cea410e1caf802373c1bfe51
CVE-2013-0873 [libavcodec/shorten.c freeing invalid addresses]
RESERVED
- ffmpeg <removed>
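Review bot: the hashes appended to the bracketed descriptions of CVE-2013-0878 through CVE-2013-0874 no longer say which repository they belong to. The removed NOTE lines pointed at ffmpeg.git on git.videolan.org, and every one of these entries tracks both ffmpeg and libav, so a bare hash is ambiguous to the next reader. Suggest writing `ffmpeg commit: <hash>` inside the bracket, or keeping a labelled NOTE the way CVE-2013-0846 does further down in this same patch.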
@@ -10812,20 +10801,18 @@
NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
NOTE: Fix needed for ffmpeg 0.5
-CVE-2013-0872 [libswresample/swresample.c out of array accesses]
+CVE-2013-0872 [libswresample/swresample.c out of array accesses: 21cd905cd44a4bbafe8631bbaa6021d328413ce5]
RESERVED
- ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5)
- libav <not-affected> (libswresample not present in libav, linavresamle not affected)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21cd905cd44a4bbafe8631bbaa6021d328413ce5
CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before ...)
{DSA-2632-1}
- linux 3.2.39-1
- linux-2.6 <removed>
-CVE-2013-0870 [libavcodec/vp3.c]
+CVE-2013-0870 [libavcodec/vp3.c: 14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a]
RESERVED
- ffmpeg <not-affected> (No threading support in vp3 from ffmpeg 0.5)
- libav <not-affected> (Vulnerable code added in ffmpeg post-merge)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a
CVE-2013-0869 [libavcodec/h264.c out of array accesses]
RESERVED
- ffmpeg <removed>
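Review bot: CVE-2013-0870 ends up as `[libavcodec/vp3.c: 14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a]`, so the hash now sits in the position where the neighbouring entries describe the defect, and the entry still has no description at all. A few words on the issue before the colon would keep the format readable. While this block is being edited, the unchanged libav line of CVE-2013-0872 has the typo `linavresamle`, which could be corrected in the same commit.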
@@ -10853,24 +10840,20 @@
CVE-2013-0865 [libavcodec/vqavideo.c out of array writes]
RESERVED
- ffmpeg <removed>
- - libav <unfixed> (bug #717009)
+ - libav 6:9.8-1 (bug #717009)
NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a
- NOTE: fixed in experimental
-CVE-2013-0864 [libavcodec/gifdec.c out of array accesses]
+CVE-2013-0864 [libavcodec/gifdec.c out of array accesses: c10350358da58600884292c08a8690289b81de29]
RESERVED
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c10350358da58600884292c08a8690289b81de29
-CVE-2013-0863 [libavcodec/sanm.c buffer overflow]
+CVE-2013-0863 [libavcodec/sanm.c buffer overflow: 7357ca900efcf829de4cce4cec6ddc286526d417]
RESERVED
- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
- libav <not-affected> (Smush codec not present in libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7357ca900efcf829de4cce4cec6ddc286526d417
-CVE-2013-0862 [libavcodec/sanm.c integer overflows and out of array accesses]
+CVE-2013-0862 [libavcodec/sanm.c integer overflows and out of array accesses: 49b729d3af8464de431362e6c5b3027102bc2f88]
RESERVED
- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
- libav <not-affected> (Smush codec not present in libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=49b729d3af8464de431362e6c5b3027102bc2f88
CVE-2013-0861 [libavcodec/utils.c memory corruption]
RESERVED
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
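Review bot: the fixed version recorded for CVE-2013-0865 is `6:9.8-1`, while the log message says 0.9 was uploaded to unstable. Every libav version added in this patch is in the 9 series (6:9.8-1, 6:9~beta2-1, 6:9.3-1), so the log wording and the data disagree. Suggest correcting the log text or adding a NOTE that names the upload, so the reason for dropping "fixed in experimental" is traceable from the entry itself.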
@@ -10882,11 +10865,10 @@
- ffmpeg <removed>
- libav <unfixed> (bug #717009)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
-CVE-2013-0859 [libavcodec/tiff.c out of array access]
+CVE-2013-0859 [libavcodec/tiff.c out of array access: 6d1c5ea04af3e345232aa70c944de961061dab2d]
RESERVED
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6d1c5ea04af3e345232aa70c944de961061dab2d
CVE-2013-0858 [libavcodec/atrac3.c]
RESERVED
- ffmpeg <removed>
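Review bot: the unchanged libav line of CVE-2013-0859 opens its reason with a doubled parenthesis, `((These changes are specific to ffmpeg ...`, and the same slip appears under CVE-2013-0864 in the previous hunk. Since both entries are edited in this commit anyway, the stray `(` could be dropped at the same time.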
@@ -10937,15 +10919,13 @@
CVE-2013-0850 [libavcodec/h264.c out of array accesses]
RESERVED
- ffmpeg <removed>
- - libav <unfixed> (bug #717009)
+ - libav 6:9~beta2-1 (bug #717009)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
NOTE: This seems to be the corresponding libav commit: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
- NOTE: seems fixed in experimental
CVE-2013-0849 [libavcodec/roqvideodec.c]
RESERVED
- ffmpeg <removed>
- - libav <unfixed> (bug #717009)
- NOTE: fixed in experimental
+ - libav 6:9.3-1 (bug #717009)
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
NOTE: Needed in ffmpeg 0.5
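Review bot: CVE-2013-0850 moves from `<unfixed>` to a definite `6:9~beta2-1` and drops "seems fixed in experimental", but the NOTE that remains still says "This seems to be the corresponding libav commit". The fixed version is only as reliable as that commit mapping. Suggest either confirming that 6e5cdf26281945ddea3aaf5eca4d127791f23ca8 is the fix and rewording the NOTE, or keeping a NOTE that records the remaining uncertainty.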
@@ -10964,8 +10944,8 @@
CVE-2013-0846 [libavcodec/qdm2.c out of array accesses]
RESERVED
- ffmpeg <removed>
- - libav <unfixed> (bug #717009)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
+ - libav 6:9.3-1 (bug #717009)
+ NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
NOTE: Needed for ffmpeg 0.5
CVE-2013-0845 [libavcodec/alsdec.c]
@@ -22759,10 +22739,8 @@
- chromium-browser 22.0.1229.94~r161065-1
[squeeze] - chromium-browser <end-of-life>
- libav 6:0.8.5-1 (bug #694483)
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (vulnerable code not present)
+ - ffmpeg <not-affected> (vulnerable code not present)
NOTE: https://chromiumcodereview.appspot.com/10829204
- NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/
NOTE: fixed with http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
- chromium-browser 22.0.1229.94~r161065-1
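Review bot: replacing `ffmpeg <removed>` plus `[squeeze] - ffmpeg <not-affected>` with a single unscoped `ffmpeg <not-affected>` widens a squeeze-only statement to every ffmpeg version tracked. The reason text "vulnerable code not present" was written for squeeze, so it should be confirmed for the other versions before the suite tag is dropped. This status change, and the removal of the proposed-patch NOTE, are also not covered by the log message, which only mentions libav fixes. A separate commit or an extended log would make the intent clear.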