[Secure-testing-commits] r55549 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Thu Sep 7 16:59:42 UTC 2017


Author: hle
Date: 2017-09-07 16:59:42 +0000 (Thu, 07 Sep 2017)
New Revision: 55549

Modified:
   data/CVE/list
Log:
Mark CVE-2017-9996 <not-affected> in wheezy & jessie.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-07 16:55:31 UTC (rev 55548)
+++ data/CVE/list	2017-09-07 16:59:42 UTC (rev 55549)
@@ -9886,10 +9886,11 @@
 	NOT-FOR-US: ubuntu-image
 CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...)
 	- ffmpeg 7:3.2.5-1
-	- libav <undetermined>
-	[wheezy] - libav <not-affected> (Vulnerable code not present)
+	- libav <not-affected> (Vulnerable feature not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
+	NOTE: The bug affects FFmpeg's support for CHUNKY cdxl files, a feature that is
+	NOTE: not present in Libav. Libav detects CHUNKY files and bails out early.
 CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <not-affected> (Vulnerable code not present)
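Review bot: the added `- libav <not-affected> (Vulnerable feature not present)` line carries no release tag, so it does not match the log message, which limits the change to wheezy & jessie. The hunk removes both the `[wheezy]` entry and the `<undetermined>` entry and replaces them with one unscoped entry. If the analysis holds for every Libav version in the archive, the log should say so. If it was only checked against the wheezy and jessie sources, keep release-tagged lines such as `[jessie] - libav <not-affected> (...)` and leave the unscoped entry `<undetermined>`. The two new NOTE lines state that Libav detects CHUNKY files and bails out early, but unlike the FFmpeg NOTEs above them they give no pointer to the Libav source. A NOTE naming the file and check that performs the bail-out would let a later reader confirm the claim.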



