[Secure-testing-commits] r28286 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Aug 14 20:06:48 UTC 2014


Author: jmm
Date: 2014-08-14 20:06:48 +0000 (Thu, 14 Aug 2014)
New Revision: 28286

Modified:
   data/CVE/list
Log:
ganeti CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-14 13:50:25 UTC (rev 28285)
+++ data/CVE/list	2014-08-14 20:06:48 UTC (rev 28286)
@@ -152,7 +152,7 @@
 	- cacti <unfixed>
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
 	NOTE: CVE id requested via oss-sec, maintainer in the loop
-CVE-2014-XXXX [insecure archive permission]
+CVE-2014-5247 [insecure archive permission]
 	- ganeti 2.11.5-1
 	[wheezy] - ganeti <not-affected> (Vulnerable code not present)
 	[squeeze] - ganeti <not-affected> (Vulnerable code not present)
@@ -12913,9 +12913,8 @@
 	NOTE: https://trac.ffmpeg.org/ticket/2905
 CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <undetermined>
+	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
-	NOTE: libav and ffmpeg code bases have diverged too much, unclear whether libav is affected
 	NOTE: fixed in experimental upload 6:11~alpha2-1, check and merge when upload to unstable
 CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)




More information about the Secure-testing-commits mailing list