[Secure-testing-commits] r37958 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Nov 27 23:19:52 UTC 2015 

Author: jmm
Date: 2015-11-27 23:19:52 +0000 (Fri, 27 Nov 2015)
New Revision: 37958

Modified:
   data/CVE/list
Log:
new ffmpeg issues
bug for android-platform-frameworks-native


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-27 23:14:12 UTC (rev 37957)
+++ data/CVE/list	2015-11-27 23:19:52 UTC (rev 37958)
@@ -5,11 +5,17 @@
 CVE-2015-8366
 	RESERVED
 CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	- libav <undetermined>
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
 CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	- libav <undetermined>
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
 CVE-2015-8363 (The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	- libav <undetermined>
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
 CVE-2015-8362
 	RESERVED
 CVE-2015-8361
@@ -4610,7 +4616,7 @@
 CVE-2015-6610 (libstagefright in Android before 5.1.1 LMY48X and 6.0 before ...)
 	TODO: check
 CVE-2015-6609 (libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
-	- android-platform-frameworks-native <unfixed> (unimportant)
+	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
 CVE-2015-6608 (mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before ...)
 	TODO: check
 CVE-2015-6607 (SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows ...)
@@ -4624,7 +4630,7 @@
 CVE-2015-6603 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
 	NOT-FOR-US: libstagefright in Android
 CVE-2015-6602 (libutils in Android through 5.1.1 LMY48M allows remote attackers to ...)
-	- android-platform-frameworks-native <unfixed> (unimportant)
+	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
 CVE-2015-6601 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
 	NOT-FOR-US: libstagefright in Android
 CVE-2015-6600 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
@@ -12037,7 +12043,7 @@
 CVE-2015-3876 (libstagefright in Android through 5.1.1 LMY48M allows remote attackers ...)
 	NOT-FOR-US: libstagefright in Android
 CVE-2015-3875 (libutils in Android before 5.1.1 LMY48T allows remote attackers to ...)
-	- android-platform-frameworks-native <unfixed> (unimportant)
+	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
 CVE-2015-3874 (The Sonivox components in Android before 5.1.1 LMY48T allow remote ...)
 	NOT-FOR-US: The Sonivox components in Android
 CVE-2015-3873 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)

More information about the Secure-testing-commits mailing list