[Secure-testing-commits] r49620 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Mar 12 21:04:21 UTC 2017
Author: jmm
Date: 2017-03-12 21:04:21 +0000 (Sun, 12 Mar 2017)
New Revision: 49620
Modified:
data/CVE/list
Log:
ffmpeg confirmed n/a
remove one no-dsa for qemu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-12 19:41:26 UTC (rev 49619)
+++ data/CVE/list 2017-03-12 21:04:21 UTC (rev 49620)
@@ -11688,7 +11688,6 @@
RESERVED
{DLA-845-1 DLA-842-1}
- qemu 1:2.8+dfsg-3 (low; bug #854731)
- [jessie] - qemu <no-dsa> (Minor issue)
NOTE: Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
CVE-2017-2614
@@ -19804,7 +19803,7 @@
CVE-2016-8711 (A potential remote code execution vulnerability exists in the PDF ...)
NOT-FOR-US: Nitro Pro
CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in the ...)
- - ffmpeg <undetermined>
+ - ffmpeg <not-affected> (Vulnerable code wasn't part of ffmpeg according to upstream)
NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg
NOTE: http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0223/
More information about the Secure-testing-commits
mailing list