[Secure-testing-commits] r28115 - data/CVE
Reinhard Tartler
siretart at moszumanska.debian.org
Thu Aug 7 00:21:11 UTC 2014
Author: siretart
Date: 2014-08-07 00:21:11 +0000 (Thu, 07 Aug 2014)
New Revision: 28115
Modified:
data/CVE/list
Log:
update CVE-2013-0860 libav
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-06 23:15:33 UTC (rev 28114)
+++ data/CVE/list 2014-08-07 00:21:11 UTC (rev 28115)
@@ -30288,10 +30288,10 @@
NOTE: Affects the libav version in experimental
CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in ...)
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- - libav <undetermined>
+ - libav <not-affected> (Vulnerable code not present)
+ [wheezy] - libav <unfixed>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
- NOTE: libav and ffmpeg code bases have diverged too much, unclear whether libav is affected
- NOTE: [Vittorio] looks strange, I don't think it happens with the new code, but a second opinion is welcome
+ NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg ...)
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
More information about the Secure-testing-commits
mailing list