[Secure-testing-commits] r46116 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Nov 11 10:49:51 UTC 2016
Author: jmm
Date: 2016-11-11 10:49:51 +0000 (Fri, 11 Nov 2016)
New Revision: 46116
Modified:
data/CVE/list
Log:
ffmpeg fixed
sendmail no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-11 09:58:52 UTC (rev 46115)
+++ data/CVE/list 2016-11-11 10:49:51 UTC (rev 46116)
@@ -1373,6 +1373,7 @@
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
- sendmail <unfixed> (bug #841257)
+ [jessie] - sendmail <no-dsa> (Minor issue)
CVE-2016-8885
RESERVED
- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
@@ -1718,8 +1719,8 @@
CVE-2016-8632 [tipc_msg_build() doesn't validate MTU that can trigger heap overflow]
RESERVED
- linux <unfixed>
- [jessie] - linux <not-affected> (Vulnerable code introduced later)
- [wheezy] - linux <not-affected> (Vulnerable code introduced later)
+ [jessie] - linux <not-affected> (Vulnerable code introduced in 3.17)
+ [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.17)
NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
CVE-2016-8631
RESERVED
@@ -13332,7 +13333,8 @@
RESERVED
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- - ffmpeg <unfixed>
+ - ffmpeg 7:3.2-1
+ - libav <undetermined>
NOTE: https://chromium-review.googlesource.com/383956
NOTE: https://github.com/FFmpeg/FFmpeg/commit/347cb14b7cba7560e53f4434b419b9d8800253e7 (n3.3-dev)
CVE-2016-5198
More information about the Secure-testing-commits
mailing list