[Secure-testing-commits] r30880 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Sun Dec 21 04:37:10 UTC 2014 

Author: mgilbert
Date: 2014-12-21 04:37:10 +0000 (Sun, 21 Dec 2014)
New Revision: 30880

Modified:
   data/CVE/list
Log:
bug submitted for libav issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-21 04:00:42 UTC (rev 30879)
+++ data/CVE/list	2014-12-21 04:37:10 UTC (rev 30880)
@@ -167,12 +167,12 @@
 	RESERVED
 	NOT-FOR-US: SAP Business Objects
 CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg ...)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -181,7 +181,7 @@
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg ...)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <end-of-life>
 CVE-2014-9315
@@ -2801,49 +2801,49 @@
 CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
 CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
 CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
 CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
 CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
 CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
 CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
 CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
 CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <unfixed> (bug #773626)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
 CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 ...)
 	NOT-FOR-US: Simple Email

More information about the Secure-testing-commits mailing list