[Secure-testing-commits] r22810 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Jul 1 17:50:29 UTC 2013
Author: jmm
Date: 2013-07-01 17:50:28 +0000 (Mon, 01 Jul 2013)
New Revision: 22810
Modified:
data/CVE/list
Log:
more ffmpeg/libav triage, many N/A, some confirmed
filed bug for libzrtpcpp (no-dsa)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-01 10:18:07 UTC (rev 22809)
+++ data/CVE/list 2013-07-01 17:50:28 UTC (rev 22810)
@@ -2184,14 +2184,12 @@
- libav <not-affected> (Smush codec not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (codec not built)
+ - ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
- libav <unfixed>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942
CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...)
- - ffmpeg <removed>
- - libav <unfixed>
- TODO: check
+ - ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
+ - libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d23b8462b5a4a9da78ed45c4a7a3b35d538df909
CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
- ffmpeg <removed>
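Review bot: the reason on the added ffmpeg line for CVE-2013-3673 reads "Doesn't affect libav, specific to current ffmpeg", which is the libav justification copied onto the ffmpeg package entry. State why the packaged ffmpeg is not affected, in the style used for CVE-2013-3674 just above ("CD Graphics Video Decoder not present in 0.5 ffmpeg").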
@@ -2199,16 +2197,16 @@
TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8d3c99e825317b7efda5fd12e69896b47c700303
CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
- - ffmpeg <removed>
- - libav <unfixed>
- TODO: check
- NOTE: fixed in ffmpeg 1.2.1
+ - ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
+ - libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7edb984dd051b6919d7d8471c70499273f31b0fa
CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git ...)
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
+ NOTE: These are likely the libav commits:
+ NOTE: http://git.libav.org/?p=libav.git;a=commit;h=701966730ce10290fd49c5ccedd73f505680f764
+ NOTE: http://git.libav.org/?p=libav.git;a=commit;h=676da248cad49debc40720baa13214f0b94dcc71
CVE-2013-3669
RESERVED
CVE-2013-3668
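Review bot: for CVE-2013-3670 the added notes call the two libav commits "likely" fixes, yet the hunk drops TODO: check and leaves libav as <unfixed> with no fixed version. Keep the TODO until the commits are confirmed, or record the libav version that contains them. The added ffmpeg line for CVE-2013-3671 also carries a reason about libav ("Doesn't affect libav, ...") and should give the reason for the ffmpeg package instead.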
@@ -5593,13 +5591,19 @@
- linux <unfixed>
CVE-2013-2223 [Multiple remote heap memory disclosures]
RESERVED
- - libzrtpcpp <unfixed>
+ - libzrtpcpp <unfixed> (bug #714650)
+ [squeeze] - libzrtpcpp <no-dsa> (Minor issue)
+ [wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2222 [Multiple remote stack overflows]
RESERVED
- - libzrtpcpp <unfixed>
+ - libzrtpcpp <unfixed> (bug #714650)
+ [squeeze] - libzrtpcpp <no-dsa> (Minor issue)
+ [wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2221 [Remote heap overflow]
RESERVED
- - libzrtpcpp <unfixed>
+ - libzrtpcpp <unfixed> (bug #714650)
+ [squeeze] - libzrtpcpp <no-dsa> (Minor issue)
+ [wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2220 [radius_get_vendor_attr vendor specific attributes size checks]
RESERVED
- php-radius <unfixed> (bug #714362)
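Review bot: the added <no-dsa> (Minor issue) lines for squeeze and wheezy sit under entries titled "Multiple remote stack overflows" and "Remote heap overflow", and the reason does not say why remotely reachable overflows are minor. Give the concrete rationale in the parenthesis or in a NOTE so the decision can be re-checked once the RESERVED entries get descriptions.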
@@ -9484,10 +9488,9 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
CVE-2013-0872 [libswresample/swresample.c out of array accesses]
RESERVED
- - ffmpeg <removed>
+ - ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5)
+ [wheezy] - libav <not-affected> (libavresample not yet present in libav/0.8)
- libav <unfixed>
- TODO: check
- NOTE: fixed in ffmpeg 1.1.3
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21cd905cd44a4bbafe8631bbaa6021d328413ce5
CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before ...)
{DSA-2632-1}
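Review bot: in CVE-2013-0872 the added [wheezy] line names libavresample while the entry title and the added ffmpeg line refer to libswresample; say which library was actually checked in libav 0.8. The [wheezy] line is also placed above the "- libav <unfixed>" line it qualifies, whereas the libzrtpcpp entries in this same commit put the release lines after the package line.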
@@ -9497,26 +9500,23 @@
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a
CVE-2013-0869 [libavcodec/h264.c out of array accesses]
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
+ NOTE: That should be the equivalent libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
CVE-2013-0868 [libavcodec/huffyuvdec.c out of array writes]
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
CVE-2013-0867 [libavcodec/h264.c out of array accesses]
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
CVE-2013-0866 [libavcodec/aacdec.c out of array accesses]
RESERVED
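Review bot: TODO: check is removed from four entries in this hunk while libav stays <unfixed>, and only CVE-2013-0869 records what the check found. For the entry at the top of the hunk, CVE-2013-0868 and CVE-2013-0867, add a NOTE stating the result of the check for libav, so the outcome of the triage is visible in the list and not only in the log message.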
@@ -9531,9 +9531,8 @@
NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a
CVE-2013-0864 [libavcodec/gifdec.c out of array accesses]
RESERVED
- - ffmpeg <removed>
- - libav <unfixed>
- TODO: check
+ - ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
+ - libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c10350358da58600884292c08a8690289b81de29
CVE-2013-0863 [libavcodec/sanm.c buffer overflow]
RESERVED
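Review bot: the added libav line for CVE-2013-0864 opens its reason with a doubled parenthesis, "((These changes are specific to ffmpeg ...". Drop the extra "(" so the reason is balanced.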
@@ -9547,35 +9546,30 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=49b729d3af8464de431362e6c5b3027102bc2f88
CVE-2013-0861 [libavcodec/utils.c memory corruption]
RESERVED
- - ffmpeg <removed>
+ - ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
- libav <unfixed>
- TODO: check
- NOTE: fixed in ffmpeg 1.0.4
+ [wheezy] - libav <not-affected> (Affected code not present in libav 0.8.x)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
CVE-2013-0860 [libavcodec/error_resilience.c state inconsistency and null pointer deref]
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: fixed in ffmpeg 1.0.4
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
CVE-2013-0859 [libavcodec/tiff.c out of array access]
RESERVED
- - ffmpeg <removed>
- - libav <unfixed>
- TODO: check
+ - ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
+ - libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6d1c5ea04af3e345232aa70c944de961061dab2d
CVE-2013-0858 [libavcodec/atrac3.c]
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
CVE-2013-0857 [libavcodec/iff.c]
RESERVED
- - ffmpeg <removed>
+ - ffmpeg <not-affected> (IFF PBM/ILBM bitmap decoder not present in 0.5 ffmpeg)
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
CVE-2013-0856 [libavcodec/alac.c]
RESERVED
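Review bot: CVE-2013-0861 loses "NOTE: fixed in ffmpeg 1.0.4" while CVE-2013-0860 directly below keeps the identical note, and libav is still <unfixed> in the 0861 entry, so the upstream fixed version remains useful there; keep the note or remove it from both for consistency. The added libav line for CVE-2013-0859 also starts its reason with a doubled "((".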
@@ -9593,14 +9587,17 @@
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
+ NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
CVE-2013-0853 [libavcodec/wavpack.c out of array access]
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
+ NOTE: Could be fixed by one of the three following commits. Check with upstream:
+ NOTE: http://git.libav.org/?p=libav.git;a=commit;h=fd06291239c1bb616bf303b5696cc432710b2530
+ NOTE: http://git.libav.org/?p=libav.git;a=commit;h=3f0b6d7a6248a33df37b98cfcb37a1acce263f62
+ NOTE: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
CVE-2013-0852 [libavcodec/pgssubdec.c out of array accesses]
RESERVED
- ffmpeg <not-affected> (PGS subtitle decoder not present)
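Review bot: the note added to CVE-2013-0853 ends with "Check with upstream", which is an open action, but the hunk removes the TODO: check line from that entry. Keep a TODO line until one of the three candidate commits is confirmed, so the open item is not buried in NOTE text.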
@@ -9653,7 +9650,6 @@
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome ...)
- chromium-browser <not-affected> (MacOS-specific)