[Secure-testing-commits] r20804 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Jan 4 10:41:59 UTC 2013


Author: jmm
Date: 2013-01-04 10:41:59 +0000 (Fri, 04 Jan 2013)
New Revision: 20804

Modified:
   data/CVE/list
Log:
updates from siretart, thanks


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-01-04 10:17:21 UTC (rev 20803)
+++ data/CVE/list	2013-01-04 10:41:59 UTC (rev 20804)
@@ -4355,19 +4355,22 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-5361
 	RESERVED
-	- ffmpeg <removed>
-	- libav <unfixed> (bug #694483)
+	- ffmpeg <undetermined>
+	- libav <undetermined> (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
+	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5360
 	RESERVED
-	- ffmpeg <removed>
-	- libav <unfixed> (bug #694483)
+	- ffmpeg <undetermined>
+	- libav <undetermined> (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
+	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5359
 	RESERVED
-	- ffmpeg <removed>
-	- libav <unfixed> (bug #694483)
+	- ffmpeg <undetermined>
+	- libav <undetermined> (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
+	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5358
 	RESERVED
 CVE-2012-5357
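Review bot: Changing `- ffmpeg <removed>` to `- ffmpeg <undetermined>` under CVE-2012-5361, CVE-2012-5360 and CVE-2012-5359 is inconsistent with the entry at -10812 in this same commit, which also references bug #694483 and keeps `- ffmpeg <removed>` and `- libav <unfixed>`. If the difference is deliberate because these three cannot be reproduced, say so for ffmpeg as well; the added NOTE only mentions that upstream needs a sample. The log message "updates from siretart, thanks" gives no reason for dropping the removed status.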
@@ -10812,6 +10815,7 @@
 	- libav <unfixed> (bug #694483)
 	- ffmpeg <removed>
 	NOTE: https://chromiumcodereview.appspot.com/10829204
+	NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/
 CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
 	- chromium-browser 22.0.1229.94~r161065-1
 CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote ...)
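Review bot: The added `NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/` uses different wording from the `NOTE: patch proposed:` lines added further down in this commit, and the libav line stays `<unfixed>` with no indication of whether the patch has been reviewed or merged. Pick one wording for patch notes so they can be searched consistently, and record the patch status (proposed, under review, applied) so the entry can be revisited when it lands.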
@@ -11024,8 +11028,10 @@
 CVE-2012-2805
 	RESERVED
 CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
-	- libav <unfixed> (bug #688847)
+	- ffmpeg <undetermined> (bug #688849)
+	- libav <undetermined> (bug #688847)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a80ebe491609e04110a1dd540a0ca79d3be3d04
+	NOTE: ffmpeg fix is not a fix, it's unclear what real issue it is supposed to fix
 CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav <unfixed> (bug #688847)
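Review bot: The ffmpeg line for CVE-2012-2804 loses its `[squeeze]` prefix as well as changing state, so `[squeeze] - ffmpeg <unfixed> (bug #688849)` becomes the unscoped `- ffmpeg <undetermined> (bug #688849)`, while CVE-2012-2803 directly below keeps the `[squeeze]` form. If the scope change is intended, it deserves a word in the log. The note "ffmpeg fix is not a fix, it's unclear what real issue it is supposed to fix" would also be easier to act on if it said who made that assessment and what is needed to settle it, as the "Reproducer needed" notes elsewhere in this commit do.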
@@ -11045,8 +11051,10 @@
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
-	- libav <unfixed> (bug #688847)
+	- ffmpeg <undetermined> (bug #688849)
+	- libav <undetermined> (bug #688847)
+	NOTE: patch proposed: http://patches.libav.org/patch/32642/
+	NOTE: Reproducer needed
 CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
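Review bot: `NOTE: Reproducer needed` under CVE-2012-2797 does not say who needs it or for which package, whereas the notes added for CVE-2012-5359 through CVE-2012-5361 spell it out as "upstream needs a proper sample to reproduce the issue". Use the same wording here. This entry also has no link to an upstream ffmpeg commit, unlike CVE-2012-2804 and CVE-2012-2774, and the `[squeeze]` prefix is dropped from the ffmpeg line without comment.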
@@ -11110,8 +11118,11 @@
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg ...)
-	[squeeze] - ffmpeg <unfixed> (bug #688849)
-	- libav <unfixed> (bug #688847)
+	- ffmpeg <undetermined> (bug #688849)
+	- libav <undetermined> (bug #688847)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
+	NOTE: patch proposed: http://patches.libav.org/patch/32644/
+	NOTE: Reproducer needed
 CVE-2012-2773
 	RESERVED
 CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in ...)
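Review bot: The first NOTE added under CVE-2012-2774 is a bare git.videolan.org commitdiff URL with no label, while the next line is labelled `patch proposed:`. A reader cannot tell from the entry that the first link is the ffmpeg side and the second the libav side; prefix it, for example "ffmpeg commit:". As with CVE-2012-2804 and CVE-2012-2797, the `[squeeze]` prefix on the ffmpeg line is removed while the neighbouring entries keep it.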



