[Git][security-tracker-team/security-tracker][master] Mark CVEs fixed by ffmpeg 3.4.3 as fixed

Sebastian Ramacher sramacher at debian.org
Tue Jul 10 22:05:25 BST 2018 

Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19abeff6 by Sebastian Ramacher at 2018-07-10T22:50:43+02:00
Mark CVEs fixed by ffmpeg 3.4.3 as fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1169,7 +1169,7 @@ CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for failure of a call to ...)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78
 CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than ...)
-	- ffmpeg <unfixed>
+	- ffmpeg 7:3.4.3-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
 CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value before ...)
@@ -1177,7 +1177,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value befor
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
 CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ...)
-	- ffmpeg <unfixed>
+	- ffmpeg 7:3.4.3-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
 CVE-2018-13299
@@ -3272,7 +3272,7 @@ CVE-2018-12459 (An inconsistent bits-per-sample value in the ...)
 	[stretch] - ffmpeg <postponed> (Can be fixed when new 3.2.x release fixes it)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c
 CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in ...)
-	- ffmpeg <unfixed> (low)
+	- ffmpeg 7:3.4.3-1 (low)
 	[stretch] - ffmpeg <postponed> (Can be fixed when new 3.2.x release fixes it)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
 CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an admin ...)
@@ -9711,7 +9711,7 @@ CVE-2018-10003
 CVE-2018-10002
 	RESERVED
 CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
-	- ffmpeg <unfixed> (low)
+	- ffmpeg 7:3.4.3-1 (low)
 	[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x release)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
 	- libav <undetermined>
@@ -10054,7 +10054,7 @@ CVE-2018-9843 (The REST API in CyberArk Password Vault Web Access before 9.9.5 a
 CVE-2018-9842 (CyberArk Password Vault before 9.7 allows remote attackers to obtain ...)
 	NOT-FOR-US: CyberArk Password Vault
 CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg through ...)
-	- ffmpeg <unfixed> (low)
+	- ffmpeg 7:3.4.3-1 (low)
 	[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x release)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
@@ -15157,7 +15157,7 @@ CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
 CVE-2018-7754
 	RESERVED
 CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 ...)
-	- ffmpeg <unfixed>
+	- ffmpeg 7:3.4.3-1
 	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
@@ -15880,7 +15880,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample 
 CVE-2018-7558
 	RESERVED
 CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
-	- ffmpeg <unfixed>
+	- ffmpeg 7:3.4.3-1
 	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
 	- libav <removed>
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19abeff6e91d36de91009e12791bda78c0362218

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19abeff6e91d36de91009e12791bda78c0362218
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180710/fe6e4fd3/attachment.html>

More information about the debian-security-tracker-commits mailing list