[Secure-testing-commits] r25174 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jan 13 07:41:26 UTC 2014
Author: jmm
Date: 2014-01-13 07:41:26 +0000 (Mon, 13 Jan 2014)
New Revision: 25174
Modified:
data/CVE/list
Log:
libav updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-13 07:40:51 UTC (rev 25173)
+++ data/CVE/list 2014-01-13 07:41:26 UTC (rev 25174)
@@ -2152,8 +2152,9 @@
CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <unfixed>
- NOTE: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
NOTE: https://trac.ffmpeg.org/ticket/2919
+ NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
+ NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7013 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
@@ -2178,7 +2179,7 @@
NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
- ffmpeg <removed>
- - libav <unfixed>
+ - libav <not-affected> (Not reproducible with 0.8.9)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
NOTE: https://trac.ffmpeg.org/ticket/2850
CVE-2013-7008 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
@@ -19045,6 +19046,7 @@
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
NOTE: Needed in ffmpeg 0.5
+ NOTE: Pending for 0.8.10
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
- ffmpeg <removed>
- libav <undetermined>
@@ -19061,6 +19063,7 @@
NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
NOTE: Needed for ffmpeg 0.5
+ NOTE: Pending for 0.8.10
CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...)
- ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5)
- libav <unfixed>
@@ -19068,7 +19071,7 @@
NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
- NOTE: Pending for 9.11
+ NOTE: Pending for 9.11 and 0.8.10
CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in ...)
{DSA-2793-1}
- ffmpeg <removed>
More information about the Secure-testing-commits
mailing list