[Secure-testing-commits] r29105 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Sep 27 12:07:16 UTC 2014 

Author: carnil
Date: 2014-09-27 12:07:15 +0000 (Sat, 27 Sep 2014)
New Revision: 29105

Modified:
   data/CVE/list
Log:
Add end-of-life tags for squeeze version of ffmpeg

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-27 11:26:04 UTC (rev 29104)
+++ data/CVE/list	2014-09-27 12:07:15 UTC (rev 29105)
@@ -4169,6 +4169,7 @@
 CVE-2014-5272 [out of array access]
 	RESERVED
 	- ffmpeg 7:2.4.1-1
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
 	NOTE: <lu_zero> Does not apply to Libav at all.
@@ -5860,6 +5861,7 @@
 CVE-2014-4610
 	RESERVED
 	- ffmpeg 7:2.4.1-1
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	NOTE: Fixed in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
 CVE-2014-4609
 	RESERVED
@@ -11951,6 +11953,7 @@
 CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
 	{DSA-3003-1}
 	- ffmpeg 7:2.4.1-1
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
 	- libav 6:10.4-1
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
@@ -16190,9 +16193,9 @@
 	{DSA-2947-1}
 	- libav 6:9.11-1
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
-	NOTE: Pending for 0.8.11
 CVE-2012-6617 (The prepare_sdp_description function in ffserver.c in FFmpeg before ...)
 	- libav 6:9.11-1
 	[wheezy] - libav <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
@@ -17437,6 +17440,7 @@
 CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
 	{DSA-3027-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:10.4-1
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
 CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
@@ -17465,6 +17469,7 @@
 CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg ...)
 	{DSA-2855-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.11-1
 	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=57070b1468edc6ac8cb3696c817f3c943975d4c1
@@ -17490,17 +17495,20 @@
 	NOTE: Only present in libav trunk
 CVE-2013-7011 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <not-affected> (Reproducer fails on libav 0.8.9 and 9.11)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
 	NOTE: https://trac.ffmpeg.org/ticket/2906
 CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg ...)
 	{DSA-2855-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.11-1
 	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
 CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <not-affected> (Not reproducible with 0.8.9)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
 	NOTE: https://trac.ffmpeg.org/ticket/2850
@@ -27344,6 +27352,7 @@
 CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
 	{DSA-3003-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:10.4-1
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
@@ -27352,6 +27361,7 @@
 	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
 CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git ...)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:10-1
 	[wheezy] - libav <not-affected> (Vulnerable code not present in 0.8)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
@@ -30167,9 +30177,11 @@
 CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in ...)
 	- libav 6:0.8.6-1 (bug #703200)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through ...)
 	- libav 6:0.8.6-1 (bug #703200)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 CVE-2013-2494 (libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to ...)
 	- isc-dhcp 4.2.4-6 (low; bug #704426)
 	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u6
@@ -30798,6 +30810,7 @@
 	NOT-FOR-US: War FTP Daemon
 CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.6-1 (bug #703200)
 CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
 	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -34992,6 +35005,7 @@
 	- chromium-browser 25.0.1364.97-1
 	[squeeze] - chromium-browser <end-of-life>
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.6-1 (bug #703200)
 CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and ...)
 	- chromium-browser 25.0.1364.97-1
@@ -35055,6 +35069,7 @@
 	- libav <not-affected> (Affected code not present in libav)
 CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before ...)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.6-1 (bug #717009)
 	NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
@@ -35072,6 +35087,7 @@
 	- libav <not-affected> (Vulnerable code added in ffmpeg post-merge)
 CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 ...)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
@@ -35079,11 +35095,13 @@
 CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
 	{DSA-3003-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:10.3-1
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
 CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav <not-affected> (Code in libav is different/not affect as per libav h264 maintainer)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
 CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before ...)
@@ -35095,6 +35113,7 @@
 CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg ...)
 	{DSA-2855-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.8-1 (bug #717009)
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a
 CVE-2013-0864 (The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before ...)
@@ -35114,6 +35133,7 @@
 CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in ...)
 	{DSA-3003-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:10.1-1
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
 	NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
@@ -35123,6 +35143,7 @@
 CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg ...)
 	{DSA-2793-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.9-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
@@ -35136,6 +35157,7 @@
 	NOTE: Fixed in 0.8.9
 CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.10-1
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
@@ -35149,6 +35171,7 @@
 CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
 	{DSA-2793-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.8-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
@@ -35174,18 +35197,21 @@
 CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
 	{DSA-2793-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.7-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
 CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg ...)
 	{DSA-2855-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.3-1 (bug #717009)
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
 CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
 	{DSA-3003-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:10.4-1
 	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
@@ -35196,6 +35222,7 @@
 CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in ...)
 	{DSA-2855-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.3-1 (bug #717009)
 	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
@@ -35211,6 +35238,7 @@
 CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in ...)
 	{DSA-2793-1}
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:9.10-1
 	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
 	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e08
@@ -40413,18 +40441,21 @@
 CVE-2012-5361
 	RESERVED
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5360
 	RESERVED
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
 CVE-2012-5359
 	RESERVED
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.5-1 (bug #694483)
 	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
 	NOTE: upstream needs a proper sample to reproduce the issue
@@ -40911,6 +40942,7 @@
 	- chromium-browser 24.0.1312.68-1
 	[squeeze] - chromium-browser <end-of-life>
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:0.8.6-1
 CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before ...)
 	- chromium-browser 24.0.1312.68-1
@@ -57780,6 +57812,7 @@
 	{DSA-2855-1}
 	- libav 6:9.10-1
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commitdiff;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da
 CVE-2011-3943
 	RESERVED
@@ -57788,6 +57821,7 @@
 CVE-2011-3941 (The decode_mb function in libavcodec/error_resilience.c in FFmpeg ...)
 	- libav 4:0.8.1-1
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6193ff68549ecbaf1a4d63a0e06964ec580ac620
 CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before ...)
 	{DSA-2471-1}

More information about the Secure-testing-commits mailing list