[Secure-testing-commits] r21260 - data/CVE

Reinhard Tartler siretart at alioth.debian.org
Wed Feb 13 06:04:28 UTC 2013


Author: siretart
Date: 2013-02-13 06:04:26 +0000 (Wed, 13 Feb 2013)
New Revision: 21260

Modified:
   data/CVE/list
Log:
updates for libav (ffmpeg in disguise) 0.5.9 in stable

identified issues that are not present (in fact, the majority)
noted which are pending for the pending 0.5.10 release

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-12 21:14:22 UTC (rev 21259)
+++ data/CVE/list	2013-02-13 06:04:26 UTC (rev 21260)
@@ -13147,6 +13147,7 @@
 	- chromium-browser 22.0.1229.94~r161065-1
 	- libav 6:0.8.5-1 (bug #694483)
 	- ffmpeg <removed>
+	[squeeze] - ffmpeg <undetermined>
 	NOTE: https://chromiumcodereview.appspot.com/10829204
 	NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/
 	NOTE: fixed with http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
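Review bot: The added "[squeeze] - ffmpeg <undetermined>" line gives no indication of what is still to be checked, while the NOTE lines right below it already point at the upstream fix (commit 7751e4693dd1...). A short NOTE or TODO saying whether the affected code has been looked for in 0.5.9 would let the next person pick this up instead of starting over.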
@@ -13364,60 +13365,65 @@
 CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
 	- ffmpeg <removed> (bug #688849)
 	- libav 6:0.8.5-1 (bug #688847)
+	[squeeze] - ffmpeg <undetermined>
 CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
 	- ffmpeg <removed> (bug #688849)
 	- libav 6:0.8.5-1 (bug #688847)
+	NOTE: [squeeze] fix pending for 0.5.10
 CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: [squeeze] fix pending for 0.5.10
 CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
 	- ffmpeg <removed> (bug #688849)
 	- libav 6:0.8.5-1 (bug #688847)
 	NOTE: patch proposed: http://patches.libav.org/patch/32642/
 CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2792 (Unspecified vulnerability in the decode_init function in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.5-1 (bug #688847)
 CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: contrary to the description, this issue is about the decode_subframe in libavcodec/wmaprodec.c
 CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: [squeeze] fix pending for 0.5.10
 CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
+	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
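Review bot: The entries flipped from <unfixed> to <not-affected> here (CVE-2012-2802, -2800, -2798, -2796, -2794, -2793, -2791, -2790, -2789, -2787, -2786) keep only "(bug #688849)" in the parentheses and record no reason, whereas the neighbouring entries use "(Vulnerable code not present)". Please state the reason on each line so the triage can be audited later. Separately, CVE-2012-2803 gets "NOTE: [squeeze] fix pending for 0.5.10" but has no "[squeeze] - ffmpeg" status line, unlike CVE-2012-2801 and CVE-2012-2788, so its squeeze state exists only as free text; an explicit "[squeeze] - ffmpeg <unfixed> (bug #688849)" line would match those two.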
@@ -13425,11 +13431,13 @@
 CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: [squeeze] fix pending for 0.5.10
 	NOTE: duplicate of CVE-2012-2777
 	TODO: mark this properly as duplicate
 CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, ...)
 	- ffmpeg <removed> (bug #688849)
 	- libav 6:0.8.5-1 (bug #688847)
+	NOTE: [squeeze] fix pending for 0.5.10
 CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function in ...)
 	- libav <not-affected> (Doesn't affect libav)
 CVE-2012-2781
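Review bot: CVE-2012-2783 gains "NOTE: [squeeze] fix pending for 0.5.10" but the entry only carries "- ffmpeg <removed>", so nothing machine-readable marks squeeze as affected. Suggest adding "[squeeze] - ffmpeg <unfixed> (bug #688849)" alongside the NOTE, as CVE-2012-2784 just above already has.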
@@ -13444,6 +13452,7 @@
 CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in ...)
 	[squeeze] - ffmpeg 4:0.5.9-1 (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: [squeeze] fix pending for 0.5.10
 CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in ...)
 	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
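Review bot: The new NOTE on CVE-2012-2777 contradicts the status line directly above it: "[squeeze] - ffmpeg 4:0.5.9-1" records the issue as fixed in 0.5.9-1, while the NOTE says the fix is still pending for 0.5.10. CVE-2012-2784, marked as a duplicate of this CVE, is listed as <unfixed> for squeeze, so one of the two entries is wrong. If the fix is not in 0.5.9, the status line should be changed to <unfixed> in the same commit.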
@@ -18209,6 +18218,7 @@
 	{DSA-2471-1}
 	- libav 6:0.8.3-1
 	- ffmpeg <removed>
+	NOTE: [squeeze] fix pending for 0.5.10
 CVE-2012-0858 (The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before ...)
 	- libav 4:0.8.1-1
 	[squeeze] - ffmpeg 4:0.5.9-1
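Review bot: The NOTE "[squeeze] fix pending for 0.5.10" is added to an entry that references {DSA-2471-1} and has no "[squeeze] - ffmpeg" status line. Please say how the pending fix relates to that DSA (incomplete fix, or not covered by it) and add an explicit squeeze status line, otherwise the NOTE and the DSA reference read as contradictory.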



