[Secure-testing-commits] r52375 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Wed Jun 7 08:51:48 UTC 2017


Author: hle
Date: 2017-06-07 08:51:48 +0000 (Wed, 07 Jun 2017)
New Revision: 52375

Modified:
   data/CVE/list
Log:
CVE-2017-9051: libav 0.8.* and 11.* branches not vulnerable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-07 06:56:37 UTC (rev 52374)
+++ data/CVE/list	2017-06-07 08:51:48 UTC (rev 52375)
@@ -1328,7 +1328,8 @@
 CVE-2017-9051 (libav before 12.1 is vulnerable to an invalid read of size 1 due to ...)
 	- libav <removed> (low)
 	- ffmpeg 7:2.6.1-1 (low)
-	[jessie] - libav <no-dsa> (Minor issue)
+	[wheezy] - libav <not-affected> (Tested with the original reproducer, 0.8 branch not vulnerable)
+	[jessie] - libav <not-affected> (Tested with the original reproducer, 11 branch not vulnerable)
 	NOTE: Fix in libav: https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24.patch
 	NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039




More information about the Secure-testing-commits mailing list