[Secure-testing-commits] r56997 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Oct 26 17:26:32 UTC 2017


Author: jmm
Date: 2017-10-26 17:26:32 +0000 (Thu, 26 Oct 2017)
New Revision: 56997

Modified:
   data/CVE/list
Log:
ffmpeg upstream reference (checked with upstream)
unrar-free, libsdl no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-26 16:53:48 UTC (rev 56996)
+++ data/CVE/list	2017-10-26 17:26:32 UTC (rev 56997)
@@ -1711,9 +1711,10 @@
 	NOTE: https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
 	NOTE: https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d
 CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote ...)
-	- ffmpeg <undetermined>
+	- ffmpeg <unfixed>
+	- libav <undetermined>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
-	TODO: check
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
 CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis ...)
 	- mp3splt 2.6.2+20170630-2
 	[jessie] - mp3splt <not-affected> (Vulnerable code not present)
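Review bot: The added `- libav <undetermined>` line under CVE-2017-15186 leaves libav untriaged, yet the same hunk drops `TODO: check`, so nothing in the entry marks that follow-up as still pending. Keep a TODO scoped to libav, or add a NOTE saying what remains to be checked there. The log message names only the ffmpeg upstream reference and should mention the libav addition as well.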
@@ -4830,6 +4831,8 @@
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory ...)
 	{DLA-1091-1}
 	- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
+	[stretch] - unrar-free <no-dsa> (Minor issue)
+	[jessie] - unrar-free <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29
 CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, ...)
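Review bot: The two `<no-dsa> (Minor issue)` lines for stretch and jessie under CVE-2017-14120 give no reason specific to this bug, although the entry already carries {DLA-1091-1} and a NOTE pointing at a proposed patch. Expand the parenthetical to say why the issue is minor for these releases, or add a NOTE on whether the fix is expected through a point release, so a later reader can tell the deferral from an oversight.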
@@ -38697,6 +38700,8 @@
 	RESERVED
 CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a ...)
 	- libsdl2 2.0.6+dfsg1-4 (bug #878264)
+	[stretch] - libsdl2 <no-dsa> (Minor issue)
+	[jessie] - libsdl2 <no-dsa> (Minor issue)
 	- libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
 	NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
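Review bot: On the `[stretch]` and `[jessie]` libsdl2 lines under CVE-2017-2888, `(Minor issue)` sits next to a description that calls the bug "an exploitable integer overflow", and the rationale does not reconcile the two. The neighbouring libsdl1.2 line shows the level of detail that helps here, since it states which check makes the issue not present. A similarly short, specific reason for libsdl2 would make the no-dsa decision auditable.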



