[Secure-testing-commits] r37976 - in data: . CVE

Ben Hutchings benh at moszumanska.debian.org
Mon Nov 30 00:40:10 UTC 2015 

Author: benh
Date: 2015-11-30 00:40:10 +0000 (Mon, 30 Nov 2015)
New Revision: 37976

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for squeeze

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-29 22:42:31 UTC (rev 37975)
+++ data/CVE/list	2015-11-30 00:40:10 UTC (rev 37976)
@@ -6,14 +6,17 @@
 	RESERVED
 CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ...)
 	- ffmpeg 7:2.8.3-1 (bug #806519)
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
 CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in ...)
 	- ffmpeg 7:2.8.3-1 (bug #806519)
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
 CVE-2015-8363 (The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...)
 	- ffmpeg 7:2.8.3-1 (bug #806519)
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
 CVE-2015-8362
@@ -5221,6 +5224,10 @@
 	RESERVED
 	[experimental] - srtp 1.5.3~dfsg-1
 	- srtp <unfixed>
+	NOTE: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
+	NOTE: https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
+	NOTE: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
+	NOTE: https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
 	TODO: check details
 CVE-2015-6359
 	RESERVED
@@ -10238,7 +10245,7 @@
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove 38.4.0-1
-	[squeeze] - iceweasel <end-of-life>
+	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
 CVE-2015-4512 (gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux ...)
 	- iceweasel <not-affected> (Affects only 40.x)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-11-29 22:42:31 UTC (rev 37975)
+++ data/dla-needed.txt	2015-11-30 00:40:10 UTC (rev 37976)
@@ -42,6 +42,8 @@
 squid
   NOTE: CVE-2015-5400: Fix is hard to backport, and default configuration is not affected
 --
+srtp
+--
 sudo (Ben Hutchings)
   NOTE: Maintainer want to review the updated package:
   https://lists.debian.org/87fv0hmref.fsf@rover.gag.com

More information about the Secure-testing-commits mailing list