[Secure-testing-commits] r28322 - data/CVE

Mon Aug 18 04:48:29 UTC 2014

Author: carnil
Date: 2014-08-18 04:48:29 +0000 (Mon, 18 Aug 2014)
New Revision: 28322

Modified:
   data/CVE/list
Log:
Add fixed version for libav issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2014-08-18 04:44:37 UTC (rev 28321)
+++ data/CVE/list	2014-08-18 04:48:29 UTC (rev 28322)
@@ -7554,7 +7554,7 @@
 CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
 	{DSA-3003-1}
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav 6:10.4-1
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
 	NOTE: fixed in experimental upload 6:11~alpha2-1, check and merge when upload to unstable
 CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS ...)
@@ -7872,7 +7872,7 @@
 	NOTE: [Anton] appears to not be present in any version of libav
 CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
-	- libav <unfixed>
+	- libav 6:10.4-1
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=849b9d34 (master)
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6be5a3c0 (release/10)
@@ -12966,7 +12966,7 @@
 	NOTE: https://trac.ffmpeg.org/ticket/2905
 CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav 6:10.4-1
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
 	NOTE: fixed in experimental upload 6:11~alpha2-1, check and merge when upload to unstable
 CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
@@ -22822,7 +22822,7 @@
 CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
 	{DSA-3003-1}
 	- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
-	- libav <unfixed>
+	- libav 6:10.4-1
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812
 CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...)
@@ -22831,7 +22831,7 @@
 CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
 	{DSA-3003-1}
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav 6:10.4-1
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
 CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
@@ -30665,7 +30665,7 @@
 CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
 	{DSA-3003-1}
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav 6:10.4-1
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
 	NOTE: Needed in ffmpeg 0.5


