[Secure-testing-commits] r30922 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Dec 22 17:15:11 UTC 2014 

Author: jmm
Date: 2014-12-22 17:15:10 +0000 (Mon, 22 Dec 2014)
New Revision: 30922

Modified:
   data/CVE/list
Log:
libav updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-22 16:28:17 UTC (rev 30921)
+++ data/CVE/list	2014-12-22 17:15:10 UTC (rev 30922)
@@ -184,19 +184,23 @@
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
 CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...)
 	- libav <unfixed> (bug #773626)
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff
 CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...)
 	- libav <not-affected> (Vulnerable code not present)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
 CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg ...)
 	- libav <unfixed> (bug #773626)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <end-of-life>
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844
 CVE-2014-9315
 	RESERVED
 CVE-2014-9314
@@ -2824,48 +2828,58 @@
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <unfixed> (bug #773626)
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
+	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=cee4490b521fd0d02476d46aa2598af24fb8d686
+	NOTE: Pending for 11.2
 CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed> (bug #773626)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
+	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab
+	NOTE: Pending for 11.2 and 0.8.17
 CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed> (bug #773626)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
+	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0b39ac6f54505a538c21fe49a626de94c518c903
+	NOTE: Pending for 11.2 and 0.8.17
 CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed> (bug #773626)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
 CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed> (bug #773626)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
+	- libav <not-affected> (Vulnerable code not present)
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
 CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed> (bug #773626)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
 CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed> (bug #773626)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
+	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
+	NOTE: Pending for 11.2 and 0.8.17
 CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed> (bug #773626)
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
 CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed> (bug #773626)
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
+	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
+	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550
+	NOTE: Pending for 11.2
 CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 ...)
 	NOT-FOR-US: Simple Email
 CVE-2013-7409 (Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote ...)

More information about the Secure-testing-commits mailing list