[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] New ffmpeg issue

Moritz Muehlenhoff jmm at debian.org
Mon Feb 12 09:20:12 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e36030d by Moritz Muehlenhoff at 2018-02-12T10:19:50+01:00
New ffmpeg issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,10 @@
 CVE-2018-6913
 	RESERVED
 CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...)
-	TODO: check
+	- ffmpeg <unfixed> (low)
+	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
+	- libav <undetermined>
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
 CVE-2018-6911
 	RESERVED
 CVE-2018-6910
@@ -795,9 +798,10 @@ CVE-2017-18124
 CVE-2018-6622
 	RESERVED
 CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
-	- ffmpeg <unfixed>
+	- ffmpeg <unfixed> (low)
+	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
+	- libav <undetermined>
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
-	TODO: check
 CVE-2018-6620 (Odoo does not require authentication to be configured for a Backup ...)
 	NOT-FOR-US: Odoo
 CVE-2018-6619
@@ -1484,6 +1488,8 @@ CVE-2018-6393 (FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allo
 	NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
 	- ffmpeg <unfixed>
+	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
+	- libav <undetermined>
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
 	NOTE: Needs as well: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
 	NOTE: fixing a (functional) regression introduced by the original fix.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e36030d4d56a896bbf53e20e66fd1f96445ee0c

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e36030d4d56a896bbf53e20e66fd1f96445ee0c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180212/ad2d522d/attachment.html>

More information about the Secure-testing-commits mailing list