[Secure-testing-commits] r29102 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Sep 27 10:59:46 UTC 2014


Author: carnil
Date: 2014-09-27 10:59:45 +0000 (Sat, 27 Sep 2014)
New Revision: 29102

Modified:
   data/CVE/list
Log:
Covert all <end-of-life> tagged ffmpeg entries to <unfixed>

Need to be double-checked according at least the list provided in
https://ffmpeg.org/security.html

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-27 09:14:13 UTC (rev 29101)
+++ data/CVE/list	2014-09-27 10:59:45 UTC (rev 29102)
@@ -4166,7 +4166,7 @@
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=55000
 CVE-2014-5272 [out of array access]
 	RESERVED
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
 	NOTE: new ffmpeg now in experimental, CVE fixed in 7:2.4-1
@@ -5858,7 +5858,7 @@
 	NOTE: for lz4: https://code.google.com/p/lz4/issues/detail?id=52 and https://code.google.com/p/lz4/source/detail?r=118
 CVE-2014-4610
 	RESERVED
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 CVE-2014-4609
 	RESERVED
 	{DSA-2977-1}
@@ -11948,7 +11948,7 @@
 	NOT-FOR-US: Synology DiskStation Manager
 CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
 	{DSA-3003-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:10.4-1
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
 CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS ...)
@@ -16186,7 +16186,7 @@
 CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmpeg ...)
 	{DSA-2947-1}
 	- libav 6:9.11-1
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
 	NOTE: Pending for 0.8.11
@@ -17433,7 +17433,7 @@
 	NOTE: https://trac.ffmpeg.org/ticket/2905
 CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
 	{DSA-3027-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:10.4-1
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
 CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
@@ -17461,7 +17461,7 @@
 	NOTE: Only present in libav trunk
 CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg ...)
 	{DSA-2855-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:9.11-1
 	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=57070b1468edc6ac8cb3696c817f3c943975d4c1
@@ -17486,18 +17486,18 @@
 	NOTE: https://trac.ffmpeg.org/ticket/3080
 	NOTE: Only present in libav trunk
 CVE-2013-7011 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav <not-affected> (Reproducer fails on libav 0.8.9 and 9.11)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
 	NOTE: https://trac.ffmpeg.org/ticket/2906
 CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg ...)
 	{DSA-2855-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:9.11-1
 	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
 CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav <not-affected> (Not reproducible with 0.8.9)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
 	NOTE: https://trac.ffmpeg.org/ticket/2850
@@ -27340,7 +27340,7 @@
 	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
 	{DSA-3003-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:10.4-1
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
@@ -27348,7 +27348,7 @@
 	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:10-1
 	[wheezy] - libav <not-affected> (Vulnerable code not present in 0.8)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
@@ -30163,10 +30163,10 @@
 	RESERVED
 CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in ...)
 	- libav 6:0.8.6-1 (bug #703200)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through ...)
 	- libav 6:0.8.6-1 (bug #703200)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 CVE-2013-2494 (libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to ...)
 	- isc-dhcp 4.2.4-6 (low; bug #704426)
 	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u6
@@ -30794,7 +30794,7 @@
 CVE-2013-2278 (Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when ...)
 	NOT-FOR-US: War FTP Daemon
 CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.6-1 (bug #703200)
 CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
 	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -34988,7 +34988,7 @@
 CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the ...)
 	- chromium-browser 25.0.1364.97-1
 	[squeeze] - chromium-browser <end-of-life>
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.6-1 (bug #703200)
 CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and ...)
 	- chromium-browser 25.0.1364.97-1
@@ -35051,7 +35051,7 @@
 	- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
 	- libav <not-affected> (Affected code not present in libav)
 CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.6-1 (bug #717009)
 	NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
@@ -35068,19 +35068,19 @@
 	- ffmpeg <not-affected> (No threading support in vp3 from ffmpeg 0.5)
 	- libav <not-affected> (Vulnerable code added in ffmpeg post-merge)
 CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.5-1
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
 	NOTE: Fix needed in ffmpeg 0.5
 CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
 	{DSA-3003-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:10.3-1
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
 CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav <not-affected> (Code in libav is different/not affect as per libav h264 maintainer)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
 CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before ...)
@@ -35091,7 +35091,7 @@
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
 CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg ...)
 	{DSA-2855-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:9.8-1 (bug #717009)
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a
 CVE-2013-0864 (The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before ...)
@@ -35110,7 +35110,7 @@
 	NOTE: Affects the libav version in experimental
 CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in ...)
 	{DSA-3003-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:10.1-1
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
 	NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
@@ -35119,7 +35119,7 @@
 	- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
 CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg ...)
 	{DSA-2793-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:9.9-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
@@ -35132,7 +35132,7 @@
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9
 	NOTE: Fixed in 0.8.9
 CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:9.10-1
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
@@ -35145,7 +35145,7 @@
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
 CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
 	{DSA-2793-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.8-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
@@ -35170,19 +35170,19 @@
 	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=187cfd3c13a1deb47661486824a5b8f41e158a7a (v0.8)
 CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
 	{DSA-2793-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.7-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
 CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg ...)
 	{DSA-2855-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:9.3-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
 CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
 	{DSA-3003-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:10.4-1
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
@@ -35192,7 +35192,7 @@
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
 CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in ...)
 	{DSA-2855-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:9.3-1 (bug #717009)
 	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
@@ -35207,7 +35207,7 @@
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
 CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in ...)
 	{DSA-2793-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:9.10-1
 	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e08
@@ -40409,19 +40409,19 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-5361
 	RESERVED
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5360
 	RESERVED
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5359
 	RESERVED
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
@@ -40907,7 +40907,7 @@
 CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
 	- chromium-browser 24.0.1312.68-1
 	[squeeze] - chromium-browser <end-of-life>
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.6-1
 CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before ...)
 	- chromium-browser 24.0.1312.68-1
@@ -47258,12 +47258,12 @@
 CVE-2012-2805
 	RESERVED
 CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.5-1 (bug #688847)
 	[squeeze] - ffmpeg <not-affected> (vulnerable code not present)
 CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
 	{DSA-2624-1}
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.5-1 (bug #688847)
 	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
 CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in ...)
@@ -47272,7 +47272,7 @@
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, ...)
 	{DSA-2624-1}
 	- libav 6:0.8.4-1 (bug #688847)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
 CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
 	[squeeze] - ffmpeg <not-affected> (bug #688849)
@@ -47284,7 +47284,7 @@
 	[squeeze] - ffmpeg <not-affected> (bug #688849)
 	- libav 6:0.8.4-1 (bug #688847)
 CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	- libav 6:0.8.5-1 (bug #688847)
 	[squeeze] - ffmpeg <not-affected> (vulnerable code not present)
 	NOTE: patch proposed: http://patches.libav.org/patch/32642/
@@ -57776,7 +57776,7 @@
 CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in ...)
 	{DSA-2855-1}
 	- libav 6:9.10-1
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commitdiff;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da
 CVE-2011-3943
 	RESERVED
@@ -57784,7 +57784,7 @@
 	RESERVED
 CVE-2011-3941 (The decode_mb function in libavcodec/error_resilience.c in FFmpeg ...)
 	- libav 4:0.8.1-1
-	- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
+	- ffmpeg <unfixed>
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6193ff68549ecbaf1a4d63a0e06964ec580ac620
 CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before ...)
 	{DSA-2471-1}




More information about the Secure-testing-commits mailing list