[Secure-testing-commits] r24671 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2013-12-10 16:19:21 +0000 (Tue, 10 Dec 2013)
New Revision: 24671

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
take hplip, one issue not in oldstable
liba triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-10 15:32:24 UTC (rev 24670)
+++ data/CVE/list	2013-12-10 16:19:21 UTC (rev 24671)
@@ -168,7 +168,8 @@
 CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
-	NOTE: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
+	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
+	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=57070b1468edc6ac8cb3696c817f3c943975d4c1
 	NOTE: https://trac.ffmpeg.org/ticket/2844
 CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
@@ -195,7 +196,8 @@
 CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
-	NOTE: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
+	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
+	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
 CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
 	- ffmpeg <removed>
 	- libav <unfixed>
@@ -2130,6 +2132,7 @@
 CVE-2013-6427 [insecure auto update feature]
 	RESERVED
 	- hplip <unfixed> (bug #731480)
+	[squeeze] - hplip <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=853405
 CVE-2013-6426
 	RESERVED

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2013-12-10 15:32:24 UTC (rev 24670)
+++ data/dsa-needed.txt	2013-12-10 16:19:21 UTC (rev 24671)
@@ -22,8 +22,7 @@
 --
 gnutls26/oldstable
 --
-hplip
-  for CVE-2013-6427 i think we should disable this functionality
+hplip (jmm)
 --
 iceape (jmm)
 --