[Secure-testing-commits] r28264 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Aug 14 05:35:52 UTC 2014
Author: carnil
Date: 2014-08-14 05:35:51 +0000 (Thu, 14 Aug 2014)
New Revision: 28264
Modified:
data/CVE/list
Log:
Add note for CVE-2013-7020 and CVE-2014-2263
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-14 04:28:14 UTC (rev 28263)
+++ data/CVE/list 2014-08-14 05:35:51 UTC (rev 28264)
@@ -7488,6 +7488,7 @@
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <unfixed>
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
+ NOTE: fixed in experimental upload 6:11~alpha2-1, check and merge when upload to unstable
CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS ...)
NOT-FOR-US: Base SAS
CVE-2014-2261
@@ -12899,6 +12900,7 @@
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
NOTE: libav and ffmpeg code bases have diverged too much, unclear whether libav is affected
+ NOTE: fixed in experimental upload 6:11~alpha2-1, check and merge when upload to unstable
CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list