[Secure-testing-commits] r52378 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Jun 7 09:16:40 UTC 2017
Author: carnil
Date: 2017-06-07 09:16:40 +0000 (Wed, 07 Jun 2017)
New Revision: 52378
Modified:
data/CVE/list
Log:
Sort entries and mark libav again as no-dsa for jessie
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-07 09:15:13 UTC (rev 52377)
+++ data/CVE/list 2017-06-07 09:16:40 UTC (rev 52378)
@@ -1399,9 +1399,9 @@
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-006
CVE-2017-9051 (libav before 12.1 is vulnerable to an invalid read of size 1 due to ...)
- libav <removed> (low)
+ [jessie] - libav <no-dsa> (Minor issue)
+ [wheezy] - libav <not-affected> (Tested with the original reproducer, 0.8 branch not vulnerable)
- ffmpeg 7:2.6.1-1 (low)
- [wheezy] - libav <not-affected> (Tested with the original reproducer, 0.8 branch not vulnerable)
- [jessie] - libav <not-affected> (Tested with the original reproducer, 11 branch not vulnerable)
NOTE: Fix in libav: https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24.patch
NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039
More information about the Secure-testing-commits
mailing list