[Secure-testing-commits] r20824 - data/CVE

Reinhard Tartler siretart at alioth.debian.org
Sat Jan 5 11:11:35 UTC 2013 

Author: siretart
Date: 2013-01-05 11:11:35 +0000 (Sat, 05 Jan 2013)
New Revision: 20824

Modified:
   data/CVE/list
Log:
upstream inclusion status on libav CVE entries

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-01-05 10:21:22 UTC (rev 20823)
+++ data/CVE/list	2013-01-05 11:11:35 UTC (rev 20824)
@@ -11047,71 +11047,89 @@
 	- libav <undetermined> (bug #688847)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a80ebe491609e04110a1dd540a0ca79d3be3d04
 	NOTE: ffmpeg fix is not a fix, it's unclear what real issue it is supposed to fix
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav <unfixed> (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
 	- ffmpeg <undetermined> (bug #688849)
-	- libav <undetermined> (bug #688847)
+	- libav <unfixed> (bug #688847)
 	NOTE: patch proposed: http://patches.libav.org/patch/32642/
-	NOTE: Reproducer needed
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2792 (Unspecified vulnerability in the decode_init function in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav <unfixed> (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+        NOTE: duplicate of CVE-2012-2777
+        TODO: mark this properly as duplicate
 CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav <unfixed> (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function in ...)
 	- libav <not-affected> (Doesn't affect libav)
 CVE-2012-2781
@@ -11121,28 +11139,34 @@
 CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2778
 	RESERVED
 CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg ...)
 	- ffmpeg <undetermined> (bug #688849)
-	- libav <undetermined> (bug #688847)
+	- libav <not-affected> (bug #688847)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
 	NOTE: patch proposed: http://patches.libav.org/patch/32644/
 	NOTE: Reproducer needed
+	NOTE: there is no crash, just a couple uninitialized reads, harmless according to Janne
 CVE-2012-2773
 	RESERVED
 CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in ...)
 	[squeeze] - ffmpeg <unfixed> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
+	NOTE: scheduled for libav 0.8.5
 CVE-2012-2771
 	RESERVED
 CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best Practical ...)

More information about the Secure-testing-commits mailing list