[Git][security-tracker-team/security-tracker][master] 2 commits: [libav LTS triaging] data/CVE/list: Add ffmpeg upstream commit that fixes…

Mike Gabriel sunweaver at debian.org
Fri Nov 30 19:38:13 GMT 2018


Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dea2e4c0 by Mike Gabriel at 2018-11-30T19:36:05Z
[libav LTS triaging] data/CVE/list: Add ffmpeg upstream commit that fixes CVE-2015-6820 for libav in jessie.

- - - - -
2d6a70fa by Mike Gabriel at 2018-11-30T19:37:51Z
data/dla-needed.txt: improve notes about recently added libav CVEs.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -143998,7 +143998,8 @@ CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmp
 CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
-	- libav <undetermined>
+	- libav <removed>
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
 CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in ...)
 	- ffmpeg 7:2.7.2-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
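
Review bot: In the CVE-2015-6820 entry, the added NOTE line is a bare URL, so data/CVE/list itself does not record that this is the ffmpeg upstream fix commit; only the commit message says so. Consider adding a short description next to the URL, or a second NOTE line. The `- libav` line also moves from <undetermined> to <removed> in the same change while data/dla-needed.txt records the issue as "untested (no PoC)", so a NOTE stating the basis for the determination (for example, that the patched code is present in libav's libavcodec/aacsbr.c) would help later triage.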


=====================================
data/dla-needed.txt
=====================================
@@ -26,8 +26,9 @@ libav (Markus Koschany, Mike Gabriel)
   NOTE: 20181129: "undetermined" issues. Then we can decide what CVE should be fixed ASAP.
   NOTE: 20181130: Adding my self as co-worker. Coordination of CVEs to be worked on: IRC
   NOTE: 20181130: #debian-lts.
-  NOTE: 20181130: CVE-2015-6761: patch available, issue non-reproducible, vulnerable (for now)
-  NOTE: 20181130: CVE-2015-6818: patch available, issue untested, vulnerable
+  NOTE: 20181130: CVE-2015-6761: patch available, issue non-reproducible, vulnerable (maybe: not-affected instead)
+  NOTE: 20181130: CVE-2015-6818: patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6820: patch available, issue untested (no PoC), vulnerable
 --
 libsndfile (Hugo Lefeuvre)
   NOTE: 20181123: CVE-2018-19432 minor but several older CVEs triaged no-dsa (such as CVE-2017-8361)
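
Review bot: The changed CVE-2015-6761 note now ends in "vulnerable (maybe: not-affected instead)", which puts two conflicting statuses on one line without saying what would decide between them. Suggest keeping a single status on that line and moving the open question to its own NOTE that records what was tried when reproducing (package version, test input), so whoever picks up the coordination on #debian-lts can settle it. The CVE-2015-6818 and CVE-2015-6820 lines are clear as written.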



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/12ac926fc6418b85fbc2994f72fd356268b376e1...2d6a70fa8fb81e94727e30ee8a5e20fd94c04fa7
