[Secure-testing-commits] r32494 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Feb 25 18:47:54 UTC 2015
Author: jmm
Date: 2015-02-25 18:47:54 +0000 (Wed, 25 Feb 2015)
New Revision: 32494
Modified:
data/CVE/list
Log:
libav triage
remove tmp linux issue, security enhancement, not a vulnerability
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-25 18:30:12 UTC (rev 32493)
+++ data/CVE/list 2015-02-25 18:47:54 UTC (rev 32494)
@@ -5723,10 +5723,6 @@
- firebird2.1 <removed>
NOTE: http://sourceforge.net/p/firebird/code/60331
NOTE: http://tracker.firebirdsql.org/browse/CORE-4630
-CVE-2014-XXXX [offset2lib linux aslr bypass]
- - linux <unfixed> (low; bug #772508)
- - linux-2.6 <removed>
- NOTE: jmm coordinating with reporters wrt CVE
CVE-2014-9298
RESERVED
{DSA-3154-1 DLA-149-1}
@@ -8530,7 +8526,7 @@
CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- - libav <unfixed> (bug #773626)
+ - libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the ...)
- ffmpeg 7:2.4.3-1
@@ -8542,6 +8538,7 @@
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <unfixed> (bug #773626)
NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
+ NOTE: needed (confirmed)
CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
More information about the Secure-testing-commits
mailing list