[Secure-testing-commits] r23056 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Jul 24 06:25:35 UTC 2013 

Author: jmm
Date: 2013-07-24 06:25:34 +0000 (Wed, 24 Jul 2013)
New Revision: 23056

Modified:
   data/CVE/list
Log:
update status on kernel issue
ffmpeg/libav triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-07-23 22:16:58 UTC (rev 23055)
+++ data/CVE/list	2013-07-24 06:25:34 UTC (rev 23056)
@@ -1512,9 +1512,7 @@
 CVE-2013-4163 [linux: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu]
 	RESERVED
 	- linux <unfixed>
-	- linux-2.6 <removed>
-	NOTE: Upstream fix https://git.kernel.org/linus/75a493e60ac4bbe2e977e7129d6d8cbb0dd236be
-	TODO: check
+	- linux-2.6 <not-affected> (Introduced in 3.5)
 CVE-2013-4162 [linux: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled]
 	RESERVED
 	- linux <unfixed>
@@ -10117,10 +10115,9 @@
 CVE-2013-0866 [libavcodec/aacdec.c out of array accesses]
 	RESERVED
 	- ffmpeg <removed>
-	- libav <unfixed> (bug #717009)
+	- libav 6:0.8.7-1 (bug #717009)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
-	TODO: above fix seems to be applied - doublecheck
 CVE-2013-0865 [libavcodec/vqavideo.c out of array writes]
 	RESERVED
 	- ffmpeg <removed>
@@ -10145,9 +10142,9 @@
 CVE-2013-0861 [libavcodec/utils.c memory corruption]
 	RESERVED
 	- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
-	- libav <unfixed> (bug #717009)
-	[wheezy] - libav <not-affected> (Affected code not present in libav 0.8.x)
+	- libav <not-affected> (Affected code not present in libav 0.8.x)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
+	NOTE: Affects the libav version in experimental
 CVE-2013-0860 [libavcodec/error_resilience.c state inconsistency and null pointer deref]
 	RESERVED
 	- ffmpeg <removed>

More information about the Secure-testing-commits mailing list