[Secure-testing-commits] r50640 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Apr 14 05:34:05 UTC 2017 

Author: carnil
Date: 2017-04-14 05:34:05 +0000 (Fri, 14 Apr 2017)
New Revision: 50640

Modified:
   data/CVE/list
Log:
Correct version for rtmpdump wich really contains the fixes

The fixes were aimed to be in 2.4+20151223.gitfa8646d-1 and this is the
case in the packaging repository of rtmpdump, but the orig tarball was
missed to import resulting in a followup update later which reimports
the upstream snapshot *and* including the fixes as well for the
resulting upload in Debian.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-14 05:19:44 UTC (rev 50639)
+++ data/CVE/list	2017-04-14 05:34:05 UTC (rev 50640)
@@ -52762,18 +52762,27 @@
 CVE-2015-8273
 	RESERVED
 CVE-2015-8272 (RTMPDump 2.4 allows remote attackers to trigger a denial of service ...)
-	- rtmpdump 2.4+20151223.gitfa8646d-1
+	- rtmpdump 2.4+20151223.gitfa8646d.1-1
 	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/4312322107a94c81d3ec5b98f91bc6b923551dc5
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0068/
+	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
+	NOTE: to missing upstream source import the fixes are really only present in
+	NOTE: 2.4+20151223.gitfa8646d.1-1
 CVE-2015-8271 (The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote ...)
-	- rtmpdump 2.4+20151223.gitfa8646d-1
+	- rtmpdump 2.4+20151223.gitfa8646d.1-1
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0067/
 	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/39ec7eda489717d503bc4cbfaa591c93205695b6
 	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/530f9bb2a02a78c1198fb2bf0293a12d225e4691
+	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
+	NOTE: to missing upstream source import the fixes are really only present in
+	NOTE: 2.4+20151223.gitfa8646d.1-1
 CVE-2015-8270 (The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote ...)
-	- rtmpdump 2.4+20151223.gitfa8646d-1
+	- rtmpdump 2.4+20151223.gitfa8646d.1-1
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0066/
 	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/10b580aabcec1621b25518271ba1ab2b018be88e
+	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
+	NOTE: to missing upstream source import the fixes are really only present in
+	NOTE: 2.4+20151223.gitfa8646d.1-1
 CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote attackers ...)
 	NOT-FOR-US: Fisher-Price
 CVE-2015-8268 (The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 ...)

More information about the Secure-testing-commits mailing list