[Secure-testing-commits] r28208 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Mon Aug 11 09:14:11 UTC 2014 

Author: joeyh
Date: 2014-08-11 09:14:11 +0000 (Mon, 11 Aug 2014)
New Revision: 28208

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-11 05:32:59 UTC (rev 28207)
+++ data/CVE/list	2014-08-11 09:14:11 UTC (rev 28208)
@@ -414,6 +414,7 @@
 	NOTE: https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
 CVE-2014-5033 [kauth authentication bypass]
 	RESERVED
+	{DSA-3004-1}
 	- kde4libs 4:4.13.3-2 (bug #755814)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
 	NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
@@ -7315,6 +7316,7 @@
 CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 ...)
 	NOT-FOR-US: Synology DiskStation Manager
 CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
+	{DSA-3003-1}
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
@@ -22582,6 +22584,7 @@
 	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
 	- libav <not-affected> (Smush codec not present in libav)
 CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
+	{DSA-3003-1}
 	- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
 	- libav <unfixed>
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
@@ -22590,6 +22593,7 @@
 	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
+	{DSA-3003-1}
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
@@ -30314,6 +30318,7 @@
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
 	NOTE: Fix needed in ffmpeg 0.5
 CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
+	{DSA-3003-1}
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:10.3-1
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
@@ -30348,6 +30353,7 @@
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
 	NOTE: Affects the libav version in experimental
 CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in ...)
+	{DSA-3003-1}
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:10.1-1
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
@@ -30395,10 +30401,12 @@
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
 CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg ...)
+	{DSA-3003-1}
 	- ffmpeg <not-affected> (PGS subtitle decoder not present)
 	- libav 6:10.3-1
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
 CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 ...)
+	{DSA-3003-1}
 	- ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5)
 	- libav 6:10.3-1
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
@@ -30419,6 +30427,7 @@
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
 	NOTE: Needed in ffmpeg 0.5
 CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
+	{DSA-3003-1}
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
@@ -52976,6 +52985,7 @@
 	- libav 4:0.8.1-1
 	- ffmpeg <removed>
 CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg ...)
+	{DSA-3003-1}
 	- libav 6:10.3-1 (unimportant)
 	- ffmpeg <removed> (unimportant)
 	NOTE: Not suitable for code injection, not treated as security issue
@@ -53011,10 +53021,12 @@
 	- libav 4:0.8.1-1
 	- ffmpeg <removed>
 CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows ...)
+	{DSA-3003-1}
 	- libav 6:10-1
 	- ffmpeg <not-affected> (vuln. code not present, introduced later)
 	NOTE: [Diego] applies to 0.8 and 9 only, cherrypicked fixes on ML
 CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...)
+	{DSA-3003-1}
 	- libav 6:10-1 (unimportant)
 	- ffmpeg <removed> (unimportant)
 	NOTE: Fixed in libav trunk: http://git.libav.org/?p=libav.git;a=commit;h=759001c534287a96dc96d1e274665feb7059145d

More information about the Secure-testing-commits mailing list