[Secure-testing-commits] r38903 - data/CVE

Mike Gabriel sunweaver at moszumanska.debian.org
Thu Jan 14 09:03:54 UTC 2016


Author: sunweaver
Date: 2016-01-14 09:03:54 +0000 (Thu, 14 Jan 2016)
New Revision: 38903

Modified:
   data/CVE/list
Log:
ffmpeg: Triage new issues for squeeze-lts (tagging as end-of-life), plus various format fixes for false placement of other end-of-life tags on earlier triaged issues.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-14 08:48:15 UTC (rev 38902)
+++ data/CVE/list	2016-01-14 09:03:54 UTC (rev 38903)
@@ -1,9 +1,11 @@
 CVE-2016-1898
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <removed>
 	NOTE: http://habrahabr.ru/company/mailru/blog/274855
 CVE-2016-1897
 	- ffmpeg <unfixed>
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <removed>
 	NOTE: http://habrahabr.ru/company/mailru/blog/274855
 CVE-2016-1867 [Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function]
@@ -1709,16 +1711,19 @@
 	TODO: check
 CVE-2015-8663 (The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ...)
 	- ffmpeg <undetermined>
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
 	TODO: check
 CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ...)
 	- ffmpeg <undetermined>
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
 	TODO: check
 CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in ...)
 	- ffmpeg <undetermined>
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
 	TODO: check
@@ -9261,40 +9266,40 @@
 	NOT-FOR-US: Auto-Exchanger
 CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6825 (The ff_frame_thread_init function in libavcodec/pthread_frame.c in ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6823 (The allocate_buffers function in libavcodec/alac.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6822 (The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-6814
 	RESERVED
 CVE-2015-6813
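Review bot: The nine `[squeeze] - ffmpeg <end-of-life>` moves in CVE-2015-6826 through CVE-2015-6818 are pure reordering with no change to the tag or its reason text, yet they share a revision with new triage decisions. Committing the placement fixes separately from the triage would keep the triage diff short and let either part be reverted on its own. The new position, directly under the `- ffmpeg` line it qualifies, matches how the `[jessie]` and `[wheezy]` lines follow `- libav` elsewhere in this diff.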
@@ -9613,11 +9618,11 @@
 CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg through ...)
 	{DSA-3376-1}
 	- ffmpeg 7:2.8.1-1
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
 	- chromium-browser 44.0.2403.157-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://code.google.com/p/chromium/issues/detail?id=447860
 	NOTE: https://code.google.com/p/chromium/issues/detail?id=532967
 	NOTE: Starting with 44.0.2403.157-1 chromium uses the ffmpeg system copy
@@ -12872,10 +12877,10 @@
 CVE-2015-5479
 	RESERVED
 	- ffmpeg <not-affected> (Vulnerable code not present)
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <removed> (low)
 	[jessie] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
 	[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
-	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: Patch in libav: https://git.libav.org/?p=libav.git;a=commit;h=0a49a62f998747cfa564d98d36a459fe70d3299b
 CVE-2015-5478
 	RESERVED
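Review bot: The moved `[squeeze] - ffmpeg <end-of-life>` line under CVE-2015-5479 now sits directly below `- ffmpeg <not-affected> (Vulnerable code not present)`, while the next hunk leaves a squeeze ffmpeg entry tagged `<not-affected> (Vulnerable code not present)` in place. The same unsupported package is therefore marked two different ways for the same release. Either settle on one tag for squeeze ffmpeg, or say in the log why this entry is end-of-life rather than not-affected.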
@@ -18860,7 +18865,6 @@
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	- libav 6:11.4-1
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
-	[squeeze] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214
 CVE-2015-3404 (The Certify module before 6.x-2.3 for Drupal does not properly perform ...)
 	NOT-FOR-US: Certify module for Drupal
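Review bot: The removal of `[squeeze] - libav <not-affected> (Vulnerable code not present)` is not covered by the log message, which mentions only ffmpeg triage and the placement of end-of-life tags. Unlike the other hunks, this one deletes a status line instead of adding or moving one, so the reason for dropping it should be stated in the log or the change committed separately.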
@@ -26625,14 +26629,14 @@
 CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ...)
 	{DSA-3189-1}
 	- ffmpeg 7:2.5.1-1
-	[squeeze] - ffmpeg <end-of-life>
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav 6:11.3-1 (bug #775593)
 	NOTE: Applies to 0.8, but in different file (utvideo.c)
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
 CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before ...)
 	- ffmpeg 7:2.5.1-1
-	[squeeze] - ffmpeg <end-of-life>
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
 CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits ...)
@@ -29735,7 +29739,7 @@
 CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg ...)
 	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
 	- ffmpeg 2.4.4-1
-	[squeeze] - ffmpeg <end-of-life>
+	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844
 CVE-2014-9315
 	RESERVED
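Review bot: The context line `- ffmpeg 2.4.4-1` under CVE-2014-9316 carries no epoch, while every other fixed ffmpeg version in this diff is written with one (`7:2.5.1-1`, `7:2.7.2-1`, `7:2.8.1-1`). Since this entry is being touched anyway, check whether the epoch is missing here. A fixed version without the epoch sorts below all epoch-qualified versions, which would make the tracker treat every such upload as already fixed.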



