[Secure-testing-commits] r51756 - data/CVE

Fri May 19 16:23:25 UTC 2017

Author: hle
Date: 2017-05-19 16:23:25 +0000 (Fri, 19 May 2017)
New Revision: 51756

Modified:
   data/CVE/list
Log:
CVE triage for libav in wheezy by Diego Biurrun

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-05-19 16:05:21 UTC (rev 51755)
+++ data/CVE/list	2017-05-19 16:23:25 UTC (rev 51756)
@@ -32705,7 +32705,6 @@
 	NOT-FOR-US: Adobe Flash
 CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in ...)
 	- ffmpeg 7:3.1.3-1
-	- libav <undetermined>
 CVE-2016-6919
 	RESERVED
 CVE-2016-6918
@@ -32769,7 +32768,6 @@
 	RESERVED
 CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg before ...)
 	- ffmpeg 7:3.1.3-1 (unimportant)
-	- libav <undetermined> (unimportant)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/6
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
 CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a ...)
@@ -47932,11 +47930,9 @@
 	NOTE: Fixed in 5.6.18, 7.0.3
 CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ...)
 	- ffmpeg 2.8.6-1
-	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
 CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate ...)
 	- ffmpeg 2.8.6-1
-	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
 CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...)
 	- ffmpeg 2.8.6-1
@@ -52471,6 +52467,7 @@
 	- ffmpeg 7:2.8.4-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
+	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
 CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in ...)
 	- ffmpeg 7:2.8.3-1
@@ -56744,6 +56741,7 @@
 	- ffmpeg 7:2.8.2-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <undetermined>
+	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=43492ff3ab68a343c1264801baa1d5a02de10167
 CVE-2015-8218 (The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ...)
 	- ffmpeg 7:2.8.2-1
@@ -60742,6 +60740,7 @@
 	- ffmpeg 7:2.7.2-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
+	[wheezy] - libav <not-affected> (Vulnerable code not present)
 CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
@@ -60765,7 +60764,6 @@
 CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in ...)
 	- ffmpeg 7:2.7.2-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
-	- libav <undetermined>
 CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
@@ -61088,6 +61086,7 @@
 	- ffmpeg 7:2.8.1-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
+	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	- chromium-browser 44.0.2403.157-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>


