[Secure-testing-commits] r32611 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Mar 3 17:12:03 UTC 2015 

Author: carnil
Date: 2015-03-03 17:12:03 +0000 (Tue, 03 Mar 2015)
New Revision: 32611

Modified:
   data/CVE/list
Log:
One ffmpeg/libav issue was assigned CVE-2014-9676

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-03 17:10:14 UTC (rev 32610)
+++ data/CVE/list	2015-03-03 17:12:03 UTC (rev 32611)
@@ -1601,6 +1601,12 @@
 CVE-2015-1483
 	RESERVED
 CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
+	- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
+	- libav 6:11.2-1
+	NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
+	NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4
+	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
+	NOTE: CVE Request: https://marc.info/?l=oss-security&m=142034472712971&w=2
 	TODO: check
 CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by ...)
 	- freetype 2.5.2-3 (bug #777656)
@@ -5054,13 +5060,6 @@
 	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
 CVE-2015-0552 (Directory traversal vulnerability in the gcab_folder_extract function ...)
 	- gcab 0.4-2 (bug #774580)
-CVE-2015-XXXX [use after free in seg_write_packet()]
-	- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
-	- libav 6:11.2-1
-	NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
-	NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4
-	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
-	NOTE: CVE Request: https://marc.info/?l=oss-security&m=142034472712971&w=2
 CVE-2015-XXXX [Zoo directory traversal]
 	- zoo <unfixed> (low; bug #774453)
 	[jessie] - zoo <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list