[Secure-testing-commits] r32909 - data/CVE

Mon Mar 16 10:00:33 UTC 2015

Author: jmm
Date: 2015-03-16 10:00:33 +0000 (Mon, 16 Mar 2015)
New Revision: 32909

Modified:
   data/CVE/list
Log:
spencer regex issue CVEfied


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-03-16 09:11:14 UTC (rev 32908)
+++ data/CVE/list	2015-03-16 10:00:33 UTC (rev 32909)
@@ -1842,7 +1842,7 @@
 	NOT-FOR-US: Fortinet FortiClient
 CVE-2015-1569 (Fortinet FortiClient 5.2.028 for iOS does not validate certificates, ...)
 	NOT-FOR-US: Fortinet FortiClient
-CVE-2015-XXXX [Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability]
+CVE-2015-2305 [Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability]
 	- php5 5.6.6+dfsg-1 (low; bug #778389)
 	- olsrd <not-affected> (only when building on Android, see bug #778390)
 	- llvm-toolchain-3.4 <unfixed> (low; bug #778391)
@@ -3645,7 +3645,6 @@
 	NOTE: Applies to 0.8, but in different file (utvideo.c)
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
-	NOTE: Pending for 0.8.17
 CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before ...)
 	- ffmpeg 7:2.5.1-1
 	[squeeze] - ffmpeg <end-of-life>
@@ -9396,7 +9395,6 @@
 	- libav 6:11.2-1 (bug #773626)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab
-	NOTE: Pending for 0.8.17
 CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute ...)
 	{DSA-3189-1}
 	- ffmpeg 7:2.4.3-1
@@ -9404,7 +9402,6 @@
 	- libav 6:11.2-1 (bug #773626)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0b39ac6f54505a538c21fe49a626de94c518c903
-	NOTE: Pending for 0.8.17
 CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
@@ -9422,7 +9419,6 @@
 	- libav 6:11.3-1 (bug #773626)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186
-	NOTE: Pending for 0.8.17
 CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all ...)
 	{DSA-3189-1}
 	- ffmpeg 7:2.4.3-1
@@ -9430,7 +9426,6 @@
 	- libav 6:11.2-1 (bug #773626)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
-	NOTE: Pending for 0.8.17
 CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID ...)
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
@@ -11200,7 +11195,6 @@
 	- ffmpeg 7:2.5.1-1
 	[squeeze] - ffmpeg <end-of-life>
 	- libav 6:11.3-1
-	NOTE: Pending for 0.8.17
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
 CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in ...)


