[Secure-testing-commits] r32473 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Feb 24 21:56:39 UTC 2015 

Author: jmm
Date: 2015-02-24 21:56:39 +0000 (Tue, 24 Feb 2015)
New Revision: 32473

Modified:
   data/CVE/list
Log:
libav triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-24 21:10:17 UTC (rev 32472)
+++ data/CVE/list	2015-02-24 21:56:39 UTC (rev 32473)
@@ -2798,14 +2798,12 @@
 	[squeeze] - ffmpeg <end-of-life>
 	- libav <unfixed> (bug #775593)
 	NOTE: Applies to 0.8, but in different file (utvideo.c)
-	NOTE: libav: needed
+	NOTE: libav: needed (confirmed)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
 CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before ...)
 	- ffmpeg 7:2.5.1-1
 	[squeeze] - ffmpeg <end-of-life>
-	- libav <unfixed> (bug #775593)
-	NOTE: Applies to 0.8, but in different file (vmdav.c)
-	NOTE: libav: needed
+	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
 CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits ...)
 	- ffmpeg 7:2.5.1-1
@@ -5598,8 +5596,7 @@
 	RESERVED
 	NOT-FOR-US: SAP Business Objects
 CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg ...)
-	- libav <unfixed> (bug #773626)
-	[wheezy] - libav <not-affected> (Vulnerable code not present)
+	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
@@ -5615,7 +5612,7 @@
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
 CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg ...)
-	- libav <unfixed> (bug #773626)
+	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <end-of-life>
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844

More information about the Secure-testing-commits mailing list