[Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2017-14058,libav: Jessie is affected

Thu Dec 13 21:52:17 GMT 2018

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe1d75d0 by Markus Koschany at 2018-12-13T21:26:53Z
CVE-2017-14058,libav: Jessie is affected

- - - - -
0dd76fc7 by Markus Koschany at 2018-12-13T21:41:58Z
CVE-2017-14057,libav: Jessie is affected

- - - - -
22d2c882 by Markus Koschany at 2018-12-13T21:46:46Z
CVE-2017-14056,libav: Jessie is affected

- - - - -
c843a724 by Markus Koschany at 2018-12-13T21:48:08Z
CVE-2017-14055,libav: Jessie is affected

- - - - -
dc73d06b by Markus Koschany at 2018-12-13T21:50:51Z
CVE-2017-14054,libav: Jessie is not affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69351,27 +69351,29 @@ CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an E
 CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
 CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329
+	NOTE: libav: The vulnerable code is in asfdec.c.
 CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
 CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
 CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
+	[jessie] - libav <not-affected> (vulnerable code is not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49
 CVE-2017-14053 (NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 ...)
 	NOT-FOR-US: NetApp



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0d23ca2b2fba3763829fd8586e46dfc04c7e9dad...dc73d06b8570e068daa629ad88509439c76aa749

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0d23ca2b2fba3763829fd8586e46dfc04c7e9dad...dc73d06b8570e068daa629ad88509439c76aa749
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181213/fe9aa383/attachment.html>
