[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Triage results.
Ola Lundqvist
opal at debian.org
Wed Jan 31 20:29:20 UTC 2018
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52b25e0a by Ola Lundqvist at 2018-01-31T21:29:04+01:00
Triage results.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13,6 +13,7 @@ CVE-2018-6407 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21
NOT-FOR-US: CIPCAMPTIWL devices
CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in ...)
- chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS)
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
TODO: check
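Review bot: The CVE-2018-6406 entry still ends with `TODO: check` after the new `[wheezy] - chromium-browser <end-of-life>` line, so it remains marked as needing a check even though wheezy is now settled. The description places the flaw in common/libwebm_util.cc, so before the TODO is dropped it is worth confirming whether chromium-browser is the only source package that should be listed for this code.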
@@ -1663,6 +1664,7 @@ CVE-2018-5767
CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packet_ref ...)
- libav <removed>
[jessie] - libav <ignored> (Minor issue)
+ [wheezy] - libav <ignored> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1112
CVE-2018-5765
RESERVED
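Review bot: The added `[wheezy] - libav <ignored> (Minor issue)` line for CVE-2018-5766 copies the jessie state and reason without recording whether wheezy's libav contains the affected `av_packet_ref` code path. The description only says "Libav through 12.2". If the function is absent from the wheezy version, `<not-affected> (Vulnerable code not present)` would be the more accurate state. If it is present, a short NOTE on why the invalid memcpy is considered minor would make the decision auditable.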
@@ -14381,6 +14383,7 @@ CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav
CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 ...)
- libav <removed>
[jessie] - libav <ignored> (Minor issue)
+ [wheezy] - libav <ignored> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099
CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 ...)
[experimental] - binutils 2.29.51.20171208-1
@@ -60148,12 +60151,14 @@ CVE-2016-9825 (libswscale/utils.c in libav 11.8 allows remote attackers to cause
CVE-2016-9824 (Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows ...)
- libav <removed>
[jessie] - libav <no-dsa> (Minor issue)
+ [wheezy] - libav <ignored> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE: https://github.com/asarubbo/poc/blob/master/00039-libav-signedintoverflow-swscale_c
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=983
CVE-2016-9823 (libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to ...)
- libav <removed>
[jessie] - libav <no-dsa> (Minor issue)
+ [wheezy] - libav <ignored> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE: https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=982
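Review bot: In both CVE-2016-9824 and CVE-2016-9823 the new wheezy line uses `<ignored>` while the jessie line directly above it uses `<no-dsa>`, with the identical reason "(Minor issue)". If the difference is deliberate (no fix will ever be prepared for wheezy, whereas jessie may still pick one up in a point release), say so in the parenthetical. Otherwise use the same state for both releases so the entries do not read as two different triage decisions for the same bug.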
@@ -82291,6 +82296,7 @@ CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as
CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat ...)
- libav <removed> (low)
[jessie] - libav <no-dsa> (Minor issue)
+ [wheezy] - libav <ignored> (Minor issue)
NOTE: This is an issue in ffmpeg/libav, which is fixed in stretch's ffmpeg, but it's unclear when it was fixed exactly
NOTE: https://trac.mplayerhq.hu/ticket/2298
CVE-2016-5102 (Buffer overflow in the readgifimage function in gif2tiff.c in the ...)
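Review bot: For CVE-2016-5115 the existing NOTE says it is "unclear when it was fixed exactly", and the added `[wheezy] - libav <ignored> (Minor issue)` line does not resolve that for wheezy's libav. Suggest noting on the wheezy line, or in an extra NOTE, whether the wheezy version was actually checked against the mplayerhq ticket, so the `<ignored>` state is not taken as a confirmed-affected result.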
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52b25e0a4a3583803a89b8c81ad0a588622e5c8b