[Secure-testing-commits] r50991 - in data: . CVE

Mon Apr 24 11:36:29 UTC 2017

Author: jmm
Date: 2017-04-24 11:36:29 +0000 (Mon, 24 Apr 2017)
New Revision: 50991

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
one libav issue n/a for jessie
take libav


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-04-24 11:24:25 UTC (rev 50990)
+++ data/CVE/list	2017-04-24 11:36:29 UTC (rev 50991)
@@ -718,7 +718,7 @@
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb91fbf47fc0775cc9705673caf0c47a81f94b
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
 CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused by a ...)
-	- libreoffice <not-affected> (Didn't affect the 5.2 backport)
+	- libreoffice <not-affected> (Didn't affect any released version of LibreOffice)
 CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a ...)
 	- freetype <not-affected> (Only affected head for about a day, see bug #860303)
 	NOTE: Introduced with: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=010e0614f2effe058855aacfc3e61c71e1cb5739
@@ -2730,6 +2730,7 @@
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697676
 CVE-2017-7206 (The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ...)
 	- libav <removed>
+	[jessie] - libav <not-affected> (Vulnerable code not present)
 	- ffmpeg <undetermined>
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1002
 	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=83b2b34d06e74cc8775ba3d833f9782505e17539

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-04-24 11:24:25 UTC (rev 50990)
+++ data/dsa-needed.txt	2017-04-24 11:36:29 UTC (rev 50991)
@@ -21,8 +21,7 @@
 --
 graphicsmagick
 --
-libav
-  wait until the next 11.9 release
+libav (jmm)
 --
 libytnef (seb)
   Jordi Mallach proposed debdiff, needs review and ack


