[Secure-testing-commits] r39962 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Feb 26 21:22:10 UTC 2016 

Author: jmm
Date: 2016-02-26 21:22:10 +0000 (Fri, 26 Feb 2016)
New Revision: 39962

Modified:
   data/CVE/list
Log:
two libav issues n/a
two libav issues undetermined, code varies from ffmpeg so needs
  test with actual reproducer


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-26 21:10:11 UTC (rev 39961)
+++ data/CVE/list	2016-02-26 21:22:10 UTC (rev 39962)
@@ -1,6 +1,5 @@
 CVE-2016-7575
 	REJECTED
-	TODO: check
 CVE-2016-2573
 	RESERVED
 CVE-2016-2567
@@ -797,20 +796,20 @@
 	NOTE: Fixed in 5.6.18, 7.0.3
 CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ...)
 	- ffmpeg 2.8.6-1
-	- libav <removed>
+	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
 CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate ...)
 	- ffmpeg 2.8.6-1
-	- libav <removed>
+	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
 CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...)
 	- ffmpeg 2.8.6-1
-	- libav <removed>
+	- libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
 CVE-2016-2327 (libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes ...)
 	- ffmpeg 2.8.5-1
-	- libav <removed>
+	- libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
 CVE-2016-2326 (Integer overflow in the asf_write_packet function in ...)
@@ -1208,8 +1207,8 @@
 	NOT-FOR-US: Enterprise Manager in McAfee Vulnerability Manager
 CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in ...)
 	- ffmpeg 7:2.8.6-1
-	- libav <removed>
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
+	- libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
 CVE-2016-2196 [Overwrite in P-521 reduction]
 	RESERVED

More information about the Secure-testing-commits mailing list