[Secure-testing-commits] r38014 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 1 18:28:11 UTC 2015
Author: carnil
Date: 2015-12-01 18:28:11 +0000 (Tue, 01 Dec 2015)
New Revision: 38014
Modified:
data/CVE/list
Log:
Add CVE-2015-836{6,7}/libraw
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-01 18:21:58 UTC (rev 38013)
+++ data/CVE/list 2015-12-01 18:28:11 UTC (rev 38014)
@@ -18,10 +18,16 @@
NOT-FOR-US: PHP-Fusion
CVE-2015-8368
RESERVED
-CVE-2015-8367
+CVE-2015-8367 [Memory objects are not intialized properly]
RESERVED
-CVE-2015-8366
+ - libraw <unfixed>
+ NOTE: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
+ TODO: check other copies containing libraw code
+CVE-2015-8366 [ndex overflow in smal_decode_segment]
RESERVED
+ - libraw <unfixed>
+ NOTE: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
+ TODO: check other copies containing libraw code
CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ...)
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
More information about the Secure-testing-commits
mailing list