[Git][security-tracker-team/security-tracker][master] ffmpeg triage

Moritz Muehlenhoff jmm at debian.org
Fri Jul 13 15:53:56 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cc3ff43 by Moritz Muehlenhoff at 2018-07-13T16:53:25+02:00
ffmpeg triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18431,7 +18431,7 @@ CVE-2018-6913 (Heap-based buffer overflow in the pack function in Perl before 5.
 	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/a9d5c6e11891b48be06d4e06eeed18642bc98527
 CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...)
 	- ffmpeg <unfixed> (low)
-	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
+	[stretch] - ffmpeg <not-affected> (Code in 3.2 is different/not affected)
 	- libav <undetermined>
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
 CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess ...)
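
Review bot: The new stretch justification for CVE-2018-6912, "Code in 3.2 is different/not affected", does not say what differs, so the <not-affected> status cannot be rechecked from the entry alone. Add a NOTE stating what about decode_plane in libavcodec/utvideodec.c on the 3.2 branch makes the fix in commit 76cc0f0f673353cd4746cd3b83838ae335e5d9ed unnecessary, for example that the code path it changes is not present there.
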
@@ -20036,11 +20036,12 @@ CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
 	NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
 	- ffmpeg 7:3.4.2-1
-	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
 	- libav <undetermined>
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
 	NOTE: Needs as well: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
 	NOTE: fixing a (functional) regression introduced by the original fix.
+	NOTE: Fixed in 3.2.11, the commit in the 3.2 branch (c4ba170cad2ccdd896ea6fd3a890980008606541)
+	NOTE: has the regression fix squashed in
 CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovered on ...)
 	NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 ...)
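
Review bot: The added NOTE for CVE-2018-6392 gives the 3.2 branch commit as a bare hash (c4ba170cad2ccdd896ea6fd3a890980008606541), while the existing "Fixed by:" and "Needs as well:" notes in the same entry use full git.ffmpeg.org gitweb URLs; use the URL form here too so the reference can be followed directly. Since the [stretch] <postponed> line is removed without a replacement [stretch] line, this free-text note is the only place the entry records that the stretch fix is expected from 3.2.11, so it needs to stay unambiguous.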



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7cc3ff43aab0272e637f7f075b101adc226c6ef7
