[Secure-testing-commits] r25174 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2014-01-13 07:41:26 +0000 (Mon, 13 Jan 2014)
New Revision: 25174

Modified:
   data/CVE/list
Log:
libav updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-13 07:40:51 UTC (rev 25173)
+++ data/CVE/list	2014-01-13 07:41:26 UTC (rev 25174)
@@ -2152,8 +2152,9 @@
 CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <unfixed>
-	NOTE: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
 	NOTE: https://trac.ffmpeg.org/ticket/2919
+	NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
+	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
 CVE-2013-7013 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
@@ -2178,7 +2179,7 @@
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
 CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
 	- ffmpeg <removed>
-	- libav <unfixed>
+	- libav <not-affected> (Not reproducible with 0.8.9)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
 	NOTE: https://trac.ffmpeg.org/ticket/2850
 CVE-2013-7008 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
@@ -19045,6 +19046,7 @@
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
 	NOTE: Needed in ffmpeg 0.5
+	NOTE: Pending for 0.8.10
 CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
 	- ffmpeg <removed>
 	- libav <undetermined>
@@ -19061,6 +19063,7 @@
 	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
 	NOTE: Needed for ffmpeg 0.5
+	NOTE: Pending for 0.8.10
 CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...)
 	- ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5)
 	- libav <unfixed>
@@ -19068,7 +19071,7 @@
 	NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
-	NOTE: Pending for 9.11
+	NOTE: Pending for 9.11 and 0.8.10
 CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in ...)
 	{DSA-2793-1}
 	- ffmpeg <removed>