[Git][security-tracker-team/security-tracker][master] Mark libav not affected by CVE-2018-9841
Hugo Lefeuvre
hle at debian.org
Wed May 30 02:48:44 BST 2018
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da11c3f4 by Hugo Lefeuvre at 2018-05-29T21:45:42-04:00
Mark libav not affected by CVE-2018-9841
This vulnerability affects the signature filter for MPEG7 video
signature, which was recently added to ffmpeg. This filter is
not present in libav. Consequently this issue is not affecting
libav in Wheezy and Jessie.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4199,7 +4199,7 @@ CVE-2018-9842 (CyberArk Password Vault before 9.7 allows remote attackers to obt
CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg through ...)
- ffmpeg <unfixed> (low)
[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x release)
- - libav <undetermined>
+ - libav <not-affected> (Vulnerable code not present)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically ...)
NOT-FOR-US: Open Whisper Signal app for iOS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da11c3f471995b32e5366b2d8823ff77ec0bdbee
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da11c3f471995b32e5366b2d8823ff77ec0bdbee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180530/70d014a0/attachment.html>
More information about the debian-security-tracker-commits
mailing list