[Secure-testing-commits] r26242 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Mar 25 15:53:41 UTC 2014


Author: jmm
Date: 2014-03-25 15:53:41 +0000 (Tue, 25 Mar 2014)
New Revision: 26242

Modified:
   data/CVE/list
Log:
new xen issue
ffmpeg end-of-life


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-25 15:44:07 UTC (rev 26241)
+++ data/CVE/list	2014-03-25 15:53:41 UTC (rev 26242)
@@ -1,9 +1,12 @@
+CVE-2014-XXXX [Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible]
+	- xen <unfixed>
+	[squeeze] - xen <not-affected> (Only affects 4.1 and later)
 CVE-2014-2585 [users can mount the local file system]
 	- owncloud <unfixed>
-	TODO: check
 CVE-2014-2580 [Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet]
 	- xen <unfixed>
-	TODO: check
+	[wheezy] - xen <not-affected> (Only exploitable with Linux >= 3.12)
+	[squeeze] - xen <not-affected> (Only exploitable with Linux >= 3.12)
 CVE-2014-2532 [openssh: AcceptEnv environment restriction bypass flaw]
 	- openssh <unfixed>
 	TODO: check
@@ -585,7 +588,7 @@
 CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 ...)
 	NOT-FOR-US: Synology DiskStation Manager
 CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS ...)
 	NOT-FOR-US: Base SAS
@@ -4481,7 +4484,7 @@
 	NOTE: https://jira.mongodb.org/browse/SERVER-7769
 CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmpeg ...)
 	- libav 6:9.11-1
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
 	NOTE: Pending for 0.8.11
@@ -5654,7 +5657,7 @@
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
 	NOTE: https://trac.ffmpeg.org/ticket/2905
 CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
 CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
@@ -5682,7 +5685,7 @@
 	NOTE: Only present in libav trunk
 CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg ...)
 	{DSA-2855-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.11-1
 	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=57070b1468edc6ac8cb3696c817f3c943975d4c1
@@ -5707,18 +5710,18 @@
 	NOTE: https://trac.ffmpeg.org/ticket/3080
 	NOTE: Only present in libav trunk
 CVE-2013-7011 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
 	NOTE: https://trac.ffmpeg.org/ticket/2906
 CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg ...)
 	{DSA-2855-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.11-1
 	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
 CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <not-affected> (Not reproducible with 0.8.9)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
 	NOTE: https://trac.ffmpeg.org/ticket/2850
@@ -15180,14 +15183,14 @@
 	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
 CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
 	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
 CVE-2013-3669
@@ -17994,10 +17997,10 @@
 	RESERVED
 CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in ...)
 	- libav 6:0.8.6-1 (bug #703200)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through ...)
 	- libav 6:0.8.6-1 (bug #703200)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 CVE-2013-2494 (libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to ...)
 	- isc-dhcp 4.2.4-6 (low; bug #704426)
 	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u6
@@ -18626,7 +18629,7 @@
 CVE-2013-2278
 	RESERVED
 CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.6-1 (bug #703200)
 CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
 	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -22822,7 +22825,7 @@
 CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the ...)
 	- chromium-browser 25.0.1364.97-1
 	[squeeze] - chromium-browser <end-of-life>
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.6-1 (bug #703200)
 CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and ...)
 	- chromium-browser 25.0.1364.97-1
@@ -22885,7 +22888,7 @@
 	- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
 	- libav <not-affected> (Affected code not present in libav)
 CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.6-1 (bug #717009)
 	NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
@@ -22902,13 +22905,13 @@
 	- ffmpeg <not-affected> (No threading support in vp3 from ffmpeg 0.5)
 	- libav <not-affected> (Vulnerable code added in ffmpeg post-merge)
 CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
 	NOTE: Fix needed in ffmpeg 0.5
 CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
@@ -22924,7 +22927,7 @@
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
 CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg ...)
 	{DSA-2855-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.8-1 (bug #717009)
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a
 CVE-2013-0864 (The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before ...)
@@ -22942,7 +22945,7 @@
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
 	NOTE: Affects the libav version in experimental
 CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <unfixed>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
 CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg ...)
@@ -22950,7 +22953,7 @@
 	- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
 CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg ...)
 	{DSA-2793-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.9-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
@@ -22963,7 +22966,7 @@
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9
 	NOTE: Fixed in 0.8.9
 CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.10-1
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
@@ -22975,7 +22978,7 @@
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
 CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
 	{DSA-2793-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.8-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
@@ -22998,19 +23001,19 @@
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
 CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
 	{DSA-2793-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.7-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
 CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg ...)
 	{DSA-2855-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.3-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
 	NOTE: Needed in ffmpeg 0.5
 CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <undetermined>
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
 	NOTE: Needed in ffmpeg 0.5
@@ -23021,7 +23024,7 @@
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
 CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in ...)
 	{DSA-2855-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.3-1 (bug #717009)
 	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
@@ -23036,7 +23039,7 @@
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
 CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in ...)
 	{DSA-2793-1}
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.10-1
 	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e08
@@ -28256,19 +28259,19 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-5361
 	RESERVED
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5360
 	RESERVED
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5359
 	RESERVED
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
@@ -28753,7 +28756,7 @@
 CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
 	- chromium-browser 24.0.1312.68-1
 	[squeeze] - chromium-browser <end-of-life>
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.6-1
 CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before ...)
 	- chromium-browser 24.0.1312.68-1
@@ -35078,21 +35081,21 @@
 CVE-2012-2805
 	RESERVED
 CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
-	- ffmpeg <removed> (bug #688849)
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #688847)
 	[squeeze] - ffmpeg <not-affected> (vulnerable code not present)
 CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
 	{DSA-2624-1}
-	- ffmpeg <removed> (bug #688849)
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #688847)
 	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
 CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in ...)
-	[squeeze] - ffmpeg <not-affected> (bug #688849)
+	- ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, ...)
 	{DSA-2624-1}
 	- libav 6:0.8.4-1 (bug #688847)
-	- ffmpeg <removed>
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
 CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
 	[squeeze] - ffmpeg <not-affected> (bug #688849)
@@ -35104,21 +35107,21 @@
 	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
-	- ffmpeg <removed> (bug #688849)
+	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #688847)
 	[squeeze] - ffmpeg <not-affected> (vulnerable code not present)
 	NOTE: patch proposed: http://patches.libav.org/patch/32642/
 CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...)
-	[squeeze] - ffmpeg <not-affected> (bug #688849)
+	- ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in ...)
-	[squeeze] - ffmpeg <not-affected> (bug #688849)
+	- ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in ...)
-	[squeeze] - ffmpeg <not-affected> (bug #688849)
+	- ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2792 (Unspecified vulnerability in the decode_init function in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
@@ -35127,10 +35130,10 @@
 	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.5-1 (bug #688847)
 CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in ...)
-	[squeeze] - ffmpeg <not-affected> (bug #688849)
+	- ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in ...)
-	[squeeze] - ffmpeg <not-affected> (bug #688849)
+	- ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 	NOTE: contrary to the description, this issue is about the decode_subframe in libavcodec/wmaprodec.c
 CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in ...)
@@ -35139,10 +35142,10 @@
 	- libav 6:0.8.4-1 (bug #688847)
 	- ffmpeg <removed>
 CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in ...)
-	[squeeze] - ffmpeg <not-affected> (bug #688849)
+	- ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in ...)
-	[squeeze] - ffmpeg <not-affected> (bug #688849)
+	- ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
 	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)




More information about the Secure-testing-commits mailing list