[Secure-testing-commits] r56888 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Oct 20 11:39:27 UTC 2017
Author: carnil
Date: 2017-10-20 11:39:27 +0000 (Fri, 20 Oct 2017)
New Revision: 56888
Modified:
data/CVE/list
Log:
Add new ffmpeg issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-20 09:24:10 UTC (rev 56887)
+++ data/CVE/list 2017-10-20 11:39:27 UTC (rev 56888)
@@ -1176,8 +1176,11 @@
NOTE: https://github.com/Cacti/cacti/issues/1010
NOTE: https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
NOTE: https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d
-CVE-2017-15186
+CVE-2017-15186 [Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder]
RESERVED
+ - ffmpeg <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
+ TODO: check
CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis ...)
- mp3splt 2.6.2+20170630-2
[jessie] - mp3splt <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list