[Git][security-tracker-team/security-tracker][master] ffmpeg triage
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 12 11:42:14 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38ffdb18 by Moritz Muehlenhoff at 2018-07-12T12:41:48+02:00
ffmpeg triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1440,28 +1440,34 @@ CVE-2018-13306
RESERVED
CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of the ...)
- ffmpeg <unfixed>
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4
CVE-2018-13304 (In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency ...)
- ffmpeg <unfixed>
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235
CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for failure of a call to ...)
- ffmpeg <unfixed>
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78
CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than ...)
- ffmpeg 7:3.4.3-1
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
+ NOTE: Fixed in 3.2.11
CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value before ...)
- - ffmpeg <unfixed>
+ - ffmpeg <unfixed> (low)
+ [stretch] - ffmpeg <postponed> (Can be fixed when new 3.2.x release fixes it)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ...)
- ffmpeg 7:3.4.3-1
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
+ NOTE: Fixed in 3.2.11
CVE-2018-13299
RESERVED
CVE-2018-13298
@@ -3559,8 +3565,8 @@ CVE-2018-12459 (An inconsistent bits-per-sample value in the ...)
CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in ...)
[experimental] - ffmpeg 7:4.0.1-1 (low)
- ffmpeg 7:3.4.3-1 (low)
- [stretch] - ffmpeg <postponed> (Can be fixed when new 3.2.x release fixes it)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
+ NOTE: Fixed in 3.2.11
CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an admin ...)
NOT-FOR-US: expressCart
CVE-2018-12456
@@ -10012,9 +10018,9 @@ CVE-2018-10002
RESERVED
CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
- ffmpeg 7:3.4.3-1 (low)
- [stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x release)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
- libav <undetermined>
+ NOTE: Fixed in 3.2.11
CVE-2018-10000 (The Video Downloader professional extension before 2018-04-05 for ...)
NOT-FOR-US: The Video Downloader professional extension for Chrome
CVE-2017-18260 (Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities ...)
@@ -47745,7 +47751,7 @@ CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl functi
NOTE: https://patchwork.kernel.org/patch/9929625/
NOTE: Non issue, only "exploitable" with root access
CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...)
- - ffmpeg <undetermined>
+ NOT-FOR-US: libbpg
NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
{DSA-4031-1 DLA-1114-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/38ffdb18893eede75473e3f7b7816d3924962c2e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/38ffdb18893eede75473e3f7b7816d3924962c2e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180712/9b020abe/attachment.html>
More information about the debian-security-tracker-commits
mailing list