[Secure-testing-commits] r28181 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Aug 10 09:44:16 UTC 2014
Author: jmm
Date: 2014-08-10 09:44:16 +0000 (Sun, 10 Aug 2014)
New Revision: 28181
Modified:
data/CVE/list
Log:
libav fixes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-10 05:28:30 UTC (rev 28180)
+++ data/CVE/list 2014-08-10 09:44:16 UTC (rev 28181)
@@ -7308,6 +7308,7 @@
CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <unfixed>
+ NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS ...)
NOT-FOR-US: Base SAS
CVE-2014-2261
@@ -22573,17 +22574,17 @@
- libav <not-affected> (Smush codec not present in libav)
CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
- - libav <undetermined>
+ - libav <unfixed>
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
- NOTE: libav and ffmpeg code bases have diverged too much, unclear whether libav is affected
+ NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812
CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- - libav <undetermined>
+ - libav <unfixed>
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
- NOTE: libav and ffmpeg code bases have diverged too much, unclear whether libav is affected
+ NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -30410,10 +30411,10 @@
NOTE: Needed in ffmpeg 0.5
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- - libav <undetermined>
+ - libav <unfixed>
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
+ NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
NOTE: Needed in ffmpeg 0.5
- NOTE: Unclear if this really affects libav due to different code, need to find a test case in form of a sample
CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before ...)
- ffmpeg <not-affected> (Affected code not present in ffmpeg 0.5)
- libav <not-affected> (Code in libav is different, read_ttag)
@@ -53005,10 +53006,9 @@
- ffmpeg <not-affected> (vuln. code not present, introduced later)
NOTE: [Diego] applies to 0.8 and 9 only, cherrypicked fixes on ML
CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...)
- - libav <unfixed> (unimportant)
+ - libav 6:10-1 (unimportant)
- ffmpeg <removed> (unimportant)
- NOTE: Fixed in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=759001c534287a96dc96d1e274665feb7059145d
- NOTE: Fixes for 0.8.x and 0.9.x still needed, backport too intrusive
+ NOTE: Fixed in libav trunk: http://git.libav.org/?p=libav.git;a=commit;h=759001c534287a96dc96d1e274665feb7059145d
NOTE: only a crasher
CVE-2011-3933
RESERVED
More information about the Secure-testing-commits
mailing list