[Secure-testing-commits] r25522 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Feb 5 14:22:22 UTC 2014
Author: jmm
Date: 2014-02-05 14:22:22 +0000 (Wed, 05 Feb 2014)
New Revision: 25522
Modified:
data/CVE/list
Log:
libav fixes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-05 13:57:38 UTC (rev 25521)
+++ data/CVE/list 2014-02-05 14:22:22 UTC (rev 25522)
@@ -2619,7 +2619,7 @@
NOTE: http://article.gmane.org/gmane.comp.security.oss.general/11822
NOTE: https://jira.mongodb.org/browse/SERVER-7769
CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmpeg ...)
- - libav <unfixed>
+ - libav 6:9.11-1
- ffmpeg <removed>
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
@@ -3819,13 +3819,13 @@
NOTE: Only present in libav trunk
CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg ...)
- ffmpeg <removed>
- - libav <unfixed>
+ - libav 6:9.11-1
NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=57070b1468edc6ac8cb3696c817f3c943975d4c1
NOTE: https://trac.ffmpeg.org/ticket/2844
CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- - libav <unfixed>
+ - libav 6:9.11-1
NOTE: https://trac.ffmpeg.org/ticket/2919
NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
@@ -3848,7 +3848,7 @@
NOTE: https://trac.ffmpeg.org/ticket/2906
CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg ...)
- ffmpeg <removed>
- - libav <unfixed>
+ - libav 6:9.11-1
NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
@@ -20843,7 +20843,7 @@
NOTE: Pending for 0.8.10
CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...)
- ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5)
- - libav <unfixed>
+ - libav 6:9.11-1
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
@@ -43435,7 +43435,7 @@
- libav 4:0.8.1-1
- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in ...)
- - libav <unfixed>
+ - libav 6:9.10-1
- ffmpeg <removed>
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commitdiff;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da
CVE-2011-3943
More information about the Secure-testing-commits
mailing list