[Secure-testing-commits] r23047 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Jul 23 14:20:34 UTC 2013
Author: jmm
Date: 2013-07-23 14:20:33 +0000 (Tue, 23 Jul 2013)
New Revision: 23047
Modified:
data/CVE/list
Log:
libav/ffmpeg triage, some N/A for oldstable, some already fixed in wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-23 11:53:37 UTC (rev 23046)
+++ data/CVE/list 2013-07-23 14:20:33 UTC (rev 23047)
@@ -2689,10 +2689,6 @@
- ffmpeg <removed>
- libav <unfixed> (bug #717009)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb
- NOTE: These are likely the libav commits:
- NOTE: http://git.libav.org/?p=libav.git;a=commit;h=701966730ce10290fd49c5ccedd73f505680f764
- NOTE: http://git.libav.org/?p=libav.git;a=commit;h=676da248cad49debc40720baa13214f0b94dcc71
- NOTE: given libav commits fix different things AFAICS
CVE-2013-3669
RESERVED
CVE-2013-3668
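Review bot: the four NOTE lines removed under the `libav <unfixed> (bug #717009)` entry included the finding that the two candidate libav commits "fix different things", and after this hunk nothing records that they were examined and rejected. Since libav stays `<unfixed>` here, consider keeping a single NOTE stating that no equivalent libav commit has been identified yet, so the next person triaging this entry does not re-check the same two commits.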
@@ -10061,19 +10057,16 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1
CVE-2013-0874 [libavcodec/tiff.c out of array accesses]
RESERVED
- - ffmpeg <removed>
- - libav <unfixed> (bug #717009)
+ - ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
+ - libav <not-affected> (Affected code not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1219cdaf9fb4bc8cea410e1caf802373c1bfe51
- NOTE: Is that the relevant libav commit?
- NOTE: http://git.libav.org/?p=libav.git;a=commit;h=9c2216976907336dfae0e8e38a4d70ca2465a92c
- NOTE: looks invalid - relevant code fragment is not present in libav
CVE-2013-0873 [libavcodec/shorten.c freeing invalid addresses]
RESERVED
- ffmpeg <removed>
- - libav <unfixed> (bug #717009)
- NOTE: Commit in libav: http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
+ - libav 6:0.8.6-1 (bug #717009)
+ NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
- TODO: this pactch seems to be applied, please doublecheck
+ NOTE: Fix needed for ffmpeg 0.5
CVE-2013-0872 [libswresample/swresample.c out of array accesses]
RESERVED
- ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5)
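Review bot: in the CVE-2013-0873 entry the TODO asking to double-check whether the patch is applied is replaced by `NOTE: Fix needed for ffmpeg 0.5`, while the status line stays `- ffmpeg <removed>`, so the outstanding work for ffmpeg 0.5 is recorded only in free text and the result of the double-check is not stated. Consider saying in the NOTE what was checked (that the videolan commit is not in the 0.5 source), and, if the tracker should keep showing this as open for the release still shipping ffmpeg 0.5, expressing it as a status line for that release rather than a NOTE. The same entry keeps `(bug #717009)` on the new `libav 6:0.8.6-1` line, which is worth keeping consistent with the other libav entries touched by this commit.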
@@ -10085,17 +10078,16 @@
- linux-2.6 <removed>
CVE-2013-0870 [libavcodec/vp3.c]
RESERVED
- - ffmpeg <removed>
- - libav <unfixed> (bug #717009)
+ - ffmpeg <not-affected> (No threading support in vp3 from ffmpeg 0.5)
+ - libav <not-affected> (Vulnerable code added in ffmpeg post-merge)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a
- NOTE: looks invalid - relevant code fragment is not present in libav
CVE-2013-0869 [libavcodec/h264.c out of array accesses]
RESERVED
- ffmpeg <removed>
- - libav <unfixed> (bug #717009)
- NOTE: That should be the equivalent libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
+ - libav 6:0.8.5-1
+ NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
- TODO: this pactch seems to be applied, please doublecheck
+ NOTE: Fix needed in ffmpeg 0.5
CVE-2013-0868 [libavcodec/huffyuvdec.c out of array writes]
RESERVED
- ffmpeg <removed>
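Review bot: the new `- libav 6:0.8.5-1` line under CVE-2013-0869 drops the `(bug #717009)` reference that the removed `<unfixed>` line carried and that the CVE-2013-0873 entry keeps on its fixed-version line. If that bug also covers this CVE, keep the reference; if not, the removal deserves a word in the log message. Two smaller points in this hunk: "post-merge" in the CVE-2013-0870 libav reason does not say which merge is meant, and the wording `Fix needed in ffmpeg 0.5` differs from `Fix needed for ffmpeg 0.5` used for CVE-2013-0873, which makes the two notes harder to grep for together.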