[Secure-testing-commits] r30748 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Dec 15 08:11:48 UTC 2014
Author: jmm
Date: 2014-12-15 08:11:48 +0000 (Mon, 15 Dec 2014)
New Revision: 30748
Modified:
data/CVE/list
Log:
three new ffmpeg/libav issues
asterisk CVEfied
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-15 06:37:50 UTC (rev 30747)
+++ data/CVE/list 2014-12-15 08:11:48 UTC (rev 30748)
@@ -103,11 +103,18 @@
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...)
- TODO: check
+ - libav <unfixed>
+ [wheezy] - libav <not-affected> (Vulnerable code not present)
+ - ffmpeg 2.4.4-1
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...)
- TODO: check
+ - libav <not-affected> (Vulnerable code not present)
+ - ffmpeg 2.4.4-1
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg ...)
- TODO: check
+ - libav <unfixed>
+ - ffmpeg 2.4.4-1
+ [squeeze] - ffmpeg <end-of-life>
CVE-2014-9315
RESERVED
CVE-2014-9314
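Review bot: The three new ffmpeg/libav entries (CVE-2014-9318, CVE-2014-9317, CVE-2014-9316) are triaged without a NOTE line pointing at the upstream fix, whereas the CVE-2014-8541 entry further down in this patch links the ffmpeg commit. Adding the corresponding commit URLs would let others verify the "Vulnerable code not present" claims for wheezy libav and squeeze ffmpeg. In addition, "[squeeze] - ffmpeg <end-of-life>" under CVE-2014-9316 has no parenthesised reason, unlike the other squeeze lines in this hunk, and the two "- libav <unfixed>" lines carry no bug reference.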
@@ -142,7 +149,7 @@
TODO: check
CVE-2014-9299
RESERVED
-CVE-2014-XXXX
+CVE-2014-9374
- asterisk <unfixed>
[wheezy] - asterisk <not-affected> (Web socket code not yet present)
[squeeze] - asterisk <not-affected> (Web socket code not yet present)
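Review bot: With the placeholder replaced by CVE-2014-9374, the "- asterisk <unfixed>" line directly below it still carries no bug reference, so nothing ties the open unstable status to a tracked report. Consider adding one, or a NOTE with the upstream advisory, in the same commit that assigns the id.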
@@ -549,9 +556,9 @@
CVE-2014-9167
RESERVED
CVE-2014-9166 (Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2014-9165 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-9164 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-9163 (Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 ...)
@@ -563,9 +570,9 @@
CVE-2014-9160
RESERVED
CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-9158 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-9155 (Directory traversal vulnerability in the Avatar Uploader module ...)
NOT-FOR-US: Avatar Uploader module for Drupal
CVE-2014-9154 (The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly ...)
@@ -1070,7 +1077,7 @@
CVE-2014-8999 (SQL injection vulnerability in htdocs/modules/system/admin.php in ...)
NOT-FOR-US: XOOPS
CVE-2014-8998 (lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: X7 Chat
CVE-2014-8997 (Unrestricted file upload vulnerability in the Photo functionality in ...)
NOT-FOR-US: DigitalVidhya Digi Online Examination System
CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog ...)
@@ -1750,7 +1757,7 @@
CVE-2014-8967
RESERVED
CVE-2014-8966 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Internet Explorer
CVE-2014-8965
RESERVED
CVE-2014-8964 [pcre: heap buffer overflow]
@@ -2729,7 +2736,7 @@
CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- - libav <undetermined>
+ - libav <unfixed>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 ...)
TODO: check
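Review bot: On the libav line for CVE-2014-8541 the status moves from "<undetermined>" to "<unfixed>", but the only NOTE on the entry is the ffmpeg commit URL. A short NOTE stating what was checked in libav, or a bug reference on the "<unfixed>" line, would record the basis for the new status.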
@@ -3021,39 +3028,39 @@
CVE-2014-8462
RESERVED
CVE-2014-8461 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8460 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8459 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8458 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8457 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8456 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8455 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8454 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8453 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8452 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8451 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8450
RESERVED
CVE-2014-8449 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8448 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8447 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8446 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8445 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2014-8444
RESERVED
CVE-2014-8443 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 ...)
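Review bot: Every NOT-FOR-US line added in this hunk names only "Adobe Reader", while each description it sits under reads "Adobe Reader and Acrobat". Using "NOT-FOR-US: Adobe Reader and Acrobat" would keep the product string consistent with the descriptions and make the entries easier to find when searching the list for Acrobat.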