[Secure-testing-commits] r28882 - data/CVE

[Reinhard Tartler]

Author: siretart
Date: 2014-09-18 00:32:41 +0000 (Thu, 18 Sep 2014)
New Revision: 28882

Modified:
   data/CVE/list
Log:
according to upstream, CVE-2014-5272 does not affect libav ata ll

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-17 22:30:06 UTC (rev 28881)
+++ data/CVE/list	2014-09-18 00:32:41 UTC (rev 28882)
@@ -2459,9 +2459,10 @@
 CVE-2014-5272 [out of array access]
 	RESERVED
 	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
-	- libav <unfixed>
+	- libav <not-affected>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
 	NOTE: new ffmpeg now in experimental, CVE fixed in 7:2.4-1
+	NOTE: <lu_zero> Does not apply to Libav at all.
 CVE-2014-5271 [buffer overflow]
 	RESERVED
 	- ffmpeg <not-affected> (Vulnerable code not present)