[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: re-add libav and re-claim it

[Mike Gabriel]

Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd9d9707 by Mike Gabriel at 2019-08-31T21:49:05Z
data/dla-needed.txt: re-add libav and re-claim it

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -57,6 +57,18 @@ imagemagick
 --
 irssi (Mike Gabriel)
 --
+libav (Mike Gabriel)
+  NOTE: 20190831: There are currently 19 CVE issues known for libav in jessie,
+  NOTE: 20190831: 11 tagged as <no-dsa>. These issues have been triaged, no patch
+  NOTE: 20190831: has been found, so far. If you pick libav, be prepared to work
+  NOTE: 20190831: out what these patches might be.
+  NOTE: 20190831: What helps... Most issues have been resolved in ffmpeg, but
+  NOTE: 20190831: have not been referenced as such. The upstream bug reports
+  NOTE: 20190831: for libav have often been debugged very accurately, so that it is
+  NOTE: 20190831: possible to derive from the libav bug report which ffmpeg commit
+  NOTE: 20190831: might fix the issue. Furthermore, most libav bugs have PoCs,
+  NOTE: 20190831: so there is something one can test with and see if the fix worked.
+--
 libcommons-compress-java
   NOTE: 20190830: no patch reference found (sunweaver)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd9d9707bb4fafd56ef824ee6fb6ad9dda8e788b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd9d9707bb4fafd56ef824ee6fb6ad9dda8e788b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190831/840db3bf/attachment-0001.html>