[Secure-testing-commits] r45640 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Wed Oct 26 19:50:28 UTC 2016
Author: opal
Date: 2016-10-26 19:50:28 +0000 (Wed, 26 Oct 2016)
New Revision: 45640
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Some further investigation regarding libass.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-26 19:29:52 UTC (rev 45639)
+++ data/CVE/list 2016-10-26 19:50:28 UTC (rev 45640)
@@ -3273,6 +3273,8 @@
- libass <unfixed> (bug #840338)
NOTE: The "third issue" is the DoS issue as per https://github.com/libass/libass/pull/240 with
NOTE: "id:000248,sig:11,src:004326,op:havoc,rep:16" which does not have fix upstream
+ NOTE: According to https://github.com/libass/libass/pull/240 the person reported the problem actually
+ NOTE: claim that the problem is not in libass. Therefore shouldn't we state that libass is not affected?
CVE-2016-7970
RESERVED
- libass 0.13.4-1
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-10-26 19:29:52 UTC (rev 45639)
+++ data/dla-needed.txt 2016-10-26 19:50:28 UTC (rev 45640)
@@ -36,6 +36,8 @@
--
libass
NOTE: 20161019: CVE-2016-7971 is disputed upstream. No patch available yet.
+ NOTE: 20161026: CVE-2016-7971 is not only disputed upstream but the reporter also confirm that the
+ NOTE: problem is in the application using libass4 rather than in libass4 itself.
--
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
More information about the Secure-testing-commits
mailing list