[Secure-testing-commits] r51758 - data/CVE
Hugo Lefeuvre
hle at moszumanska.debian.org
Fri May 19 17:26:43 UTC 2017
Author: hle
Date: 2017-05-19 17:26:43 +0000 (Fri, 19 May 2017)
New Revision: 51758
Modified:
data/CVE/list
Log:
Re-introduce previously removed <undetermined> entries for libav and mark them <not-affected> with appropriate NOTE.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-19 17:08:09 UTC (rev 51757)
+++ data/CVE/list 2017-05-19 17:26:43 UTC (rev 51758)
@@ -32708,6 +32708,8 @@
NOT-FOR-US: Adobe Flash
CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in ...)
- ffmpeg 7:3.1.3-1
+ - libav <not-affected>
+ NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6919
RESERVED
CVE-2016-6918
@@ -32771,8 +32773,10 @@
RESERVED
CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg before ...)
- ffmpeg 7:3.1.3-1 (unimportant)
+ - libav <not-affected>
NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/6
NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
+ NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a ...)
- lshell <removed> (bug #834949)
[wheezy] - lshell <not-affected> (Vulnerable code not present)
@@ -47933,10 +47937,14 @@
NOTE: Fixed in 5.6.18, 7.0.3
CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ...)
- ffmpeg 2.8.6-1
+ - libav <not-affected>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
+ NOTE: Libav not affected according to upstream.
CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate ...)
- ffmpeg 2.8.6-1
+ - libav <not-affected>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
+ NOTE: Vulnerable code not present in any Libav version.
CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...)
- ffmpeg 2.8.6-1
- libav <not-affected> (Vulnerable code not present)
@@ -60767,6 +60775,8 @@
CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in ...)
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
+ - libav <not-affected>
+ NOTE: Vulnerable code not present in any Libav version.
CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ...)
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
More information about the Secure-testing-commits
mailing list