[Secure-testing-commits] r37927 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Nov 26 18:32:25 UTC 2015 

Author: jmm
Date: 2015-11-26 18:32:25 +0000 (Thu, 26 Nov 2015)
New Revision: 37927

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
neutron no-dsa
mark libav issues as undetermined unless explicity tracked down/discussed with upstream


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-26 18:24:30 UTC (rev 37926)
+++ data/CVE/list	2015-11-26 18:32:25 UTC (rev 37927)
@@ -3915,11 +3915,11 @@
 	NOT-FOR-US: Auto-Exchanger
 CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ...)
 	- ffmpeg 7:2.7.2-1
-	- libav <removed>
+	- libav <undetermined>
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6825 (The ff_frame_thread_init function in libavcodec/pthread_frame.c in ...)
 	- ffmpeg 7:2.7.2-1
-	- libav <removed>
+	- libav <undetermined>
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
@@ -4178,7 +4178,7 @@
 CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg through ...)
 	{DSA-3376-1}
 	- ffmpeg 7:2.8.1-1
-	- libav <removed>
+	- libav <undetermined>
 	- chromium-browser 44.0.2403.157-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
@@ -8135,6 +8135,7 @@
 	RESERVED
 CVE-2015-5240 (Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before ...)
 	- neutron 1:7.0.0-1
+	[jessie] - neutron <no-dsa> (Minor issue)
 	NOTE: versions through 2014.2.3 and 2015.1 versions through 2015.1.1
 CVE-2015-5239 [Integer overflow in vnc_client_read() and protocol_client_msg()]
 	RESERVED

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2015-11-26 18:24:30 UTC (rev 37926)
+++ data/dsa-needed.txt	2015-11-26 18:32:25 UTC (rev 37927)
@@ -19,6 +19,8 @@
 aptdaemon
   For jessie-security compat layer for PackageKit needs to be dropped
 --
+chromium-browser
+--
 icedove (jmm)
 --
 icedtea-web

More information about the Secure-testing-commits mailing list