[Secure-testing-commits] r58505 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 13 05:40:11 UTC 2017
Author: carnil
Date: 2017-12-13 05:40:11 +0000 (Wed, 13 Dec 2017)
New Revision: 58505
Modified:
data/CVE/list
Log:
Update source package for CVE-2017-17555
After analysis from ffmpeg upstream they think this is an issue in
aubio, since it does initialize libswresample with 2 channels and then
passes data that contains just one channel.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-13 03:05:28 UTC (rev 58504)
+++ data/CVE/list 2017-12-13 05:40:11 UTC (rev 58505)
@@ -26,8 +26,10 @@
CVE-2017-17556
RESERVED
CVE-2017-17555 (The swri_audio_convert function in audioconvert.c in FFmpeg ...)
- - ffmpeg <unfixed> (bug #884232)
+ - aubio <unfixed> (bug #884232)
NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md
+ NOTE: aubio initializes libswresample with 2 channels and then passes data
+ NOTE: that contains just one channel. Not an issue in src:ffmpeg.
CVE-2017-17554 (A NULL pointer dereference (DoS) Vulnerability was found in the ...)
- aubio <unfixed> (low; bug #884237)
[wheezy] - aubio <no-dsa> (Minor issue)
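Review bot: the added `- aubio <unfixed> (bug #884232)` line reuses the bug number that the removed line recorded under ffmpeg, so the tracker will link aubio to a report that may still be assigned to src:ffmpeg. Confirm the bug has been reassigned to aubio in the BTS so the entry and the report agree. The CVE description on the unchanged line above still names FFmpeg's swri_audio_convert, so the two added NOTE lines are the only place the mismatch is explained; adding a NOTE with a pointer to the upstream ffmpeg analysis mentioned in the log message would let readers verify the reassignment. Unlike the CVE-2017-17554 entry below it, the aubio line carries no severity, and a null pointer dereference (DoS) reached through the same package would normally be triaged the same way.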