[Secure-testing-commits] r28311 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Aug 16 09:24:10 UTC 2014
Author: carnil
Date: 2014-08-16 09:24:10 +0000 (Sat, 16 Aug 2014)
New Revision: 28311
Modified:
data/CVE/list
Log:
Add CVE-2014-5271 and CVE-2014-5272, ffmpeg and libav
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-16 09:18:08 UTC (rev 28310)
+++ data/CVE/list 2014-08-16 09:24:10 UTC (rev 28311)
@@ -1,6 +1,16 @@
CVE-2012-XXXX [passes (encrypted) passwords as commandline arguments]
- accountsservice <unfixed> (bug #757912)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=55000
+CVE-2014-5272 [out of array access]
+ - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+ - libav <unfixed>
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
+ TODO: check
+CVE-2014-5271 [buffer overflow]
+ - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+ - libav <unfixed>
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
+ TODO: check
CVE-2014-5262 [SQL injection]
- cacti <unfixed>
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
More information about the Secure-testing-commits
mailing list