[Secure-testing-commits] r28081 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Aug 4 15:25:58 UTC 2014
Author: jmm
Date: 2014-08-04 15:25:58 +0000 (Mon, 04 Aug 2014)
New Revision: 28081
Modified:
data/CVE/list
Log:
fixup two libav entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-04 15:15:41 UTC (rev 28080)
+++ data/CVE/list 2014-08-04 15:25:58 UTC (rev 28081)
@@ -22522,6 +22522,7 @@
CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git ...)
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <undetermined>
+ [wheezy] - libav <not-affected> (Vulnerable code not present in 0.8)
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
NOTE: [Anton] not present in 0.8, 10 or master; possibly present in 9
CVE-2013-3669
@@ -52932,10 +52933,8 @@
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows ...)
- - libav <not-affected>
- [wheezy] - libav <unfixed>
+ - libav 6:10-1
- ffmpeg <not-affected> (vuln. code not present, introduced later)
- NOTE: libav and ffmpeg code bases have diverged too much, unclear whether libav is affected
NOTE: [Diego] applies to 0.8 and 9 only, cherrypicked fixes on ML
CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...)
- libav <unfixed> (unimportant)
More information about the Secure-testing-commits
mailing list