[Secure-testing-commits] r45640 - in data: . CVE

Ola Lundqvist opal at moszumanska.debian.org
Wed Oct 26 19:50:28 UTC 2016


Author: opal
Date: 2016-10-26 19:50:28 +0000 (Wed, 26 Oct 2016)
New Revision: 45640

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Some further investigation regarding libass.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-26 19:29:52 UTC (rev 45639)
+++ data/CVE/list	2016-10-26 19:50:28 UTC (rev 45640)
@@ -3273,6 +3273,8 @@
 	- libass <unfixed> (bug #840338)
 	NOTE: The "third issue" is the DoS issue as per https://github.com/libass/libass/pull/240 with
 	NOTE: "id:000248,sig:11,src:004326,op:havoc,rep:16" which does not have fix upstream
+	NOTE: According to https://github.com/libass/libass/pull/240 the person reported the problem actually
+	NOTE: claim that the problem is not in libass. Therefore shouldn't we state that libass is not affected?
 CVE-2016-7970
 	RESERVED
 	- libass 0.13.4-1
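Review bot: The second added NOTE line ends in an open question ("Therefore shouldn't we state that libass is not affected?") while the status line above it still reads "- libass <unfixed> (bug #840338)", so the entry now contradicts itself without recording a decision. Keep the note to the observed fact, for example "NOTE: The reporter states in https://github.com/libass/libass/pull/240 that the problem is not in libass", and raise the triage question on the list or in bug #840338. If the team agrees, change the status line in the same commit. Two smaller points: the URL duplicates the one cited two lines earlier in the same entry, and "the person reported the problem actually claim" should read "the person who reported the problem actually claims".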

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-10-26 19:29:52 UTC (rev 45639)
+++ data/dla-needed.txt	2016-10-26 19:50:28 UTC (rev 45640)
@@ -36,6 +36,8 @@
 --
 libass
   NOTE: 20161019: CVE-2016-7971 is disputed upstream. No patch available yet.
+  NOTE: 20161026: CVE-2016-7971 is not only disputed upstream but the reporter also confirm that the
+  NOTE: problem is in the application using libass4 rather than in libass4 itself.
 --
 libav (Hugo Lefeuvre)
   NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
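Review bot: The added 20161026 note names "libass4" twice, while the entry heading and the 20161019 note both use "libass". Use the same package name throughout so the entry stays searchable and unambiguous. The note also asserts that the reporter confirmed this without saying where. Adding the reference used in data/CVE/list (https://github.com/libass/libass/pull/240) would let the next person verify the claim. Minor: "the reporter also confirm" should be "confirms". If the problem really is in the calling application, the note should also say whether libass remains in dla-needed.txt pending a decision or is waiting on something specific.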



