[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2018,6912,libav: Jessie is not affected.

Mon Dec 10 14:40:48 GMT 2018

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37817c4c by Markus Koschany at 2018-12-10T14:03:56Z
CVE-2018,6912,libav: Jessie is not affected.

Vulnerable code is not present.

- - - - -
ab22ff3c by Markus Koschany at 2018-12-10T14:12:13Z
CVE-2018-6621,libav: Jessie is affected

- - - - -
f47ff306 by Markus Koschany at 2018-12-10T14:39:50Z
CVE-2018-6392,libav: Jessie is affected

The vulnerable code is in filter_frame instead of filter_slice.

- - - - -
759a78e2 by Markus Koschany at 2018-12-10T14:40:32Z
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38166,7 +38166,8 @@ CVE-2018-6913 (Heap-based buffer overflow in the pack function in Perl before 5.
 CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...)
 	- ffmpeg 7:4.0.1-2 (low)
 	[stretch] - ffmpeg <not-affected> (Code in 3.2 is different/not affected)
-	- libav <undetermined>
+	- libav
+	[jessie] - libav <not-affected> (vulnerable code is not present)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
 CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess ...)
 	NOT-FOR-US: Advantech WebAccess
@@ -38998,7 +38999,7 @@ CVE-2018-6622 (An issue was discovered that affects all producers of BIOS firmwa
 CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
 	{DSA-4249-1}
 	- ffmpeg 7:3.4.2-1 (low)
-	- libav <undetermined>
+	- libav
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
 	NOTE: Fixed in 3.2.11
 CVE-2018-6620
@@ -39789,12 +39790,13 @@ CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
 	{DSA-4249-1}
 	- ffmpeg 7:3.4.2-1
-	- libav <undetermined>
+	- libav
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
 	NOTE: Needs as well: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
 	NOTE: fixing a (functional) regression introduced by the original fix.
 	NOTE: Fixed in 3.2.11, the commit in the 3.2 branch (c4ba170cad2ccdd896ea6fd3a890980008606541)
 	NOTE: has the regression fix squashed in
+	NOTE: The vulnerable function is filter_frame in libav.
 CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovered on ...)
 	NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1bb604b00d7cf4a7b28cec29ab59c95861223836...759a78e2af00b650659cdb1927b070554310047a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1bb604b00d7cf4a7b28cec29ab59c95861223836...759a78e2af00b650659cdb1927b070554310047a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181210/4fcb6247/attachment.html>
