[Git][security-tracker-team/security-tracker][master] libav: jessie triage update
Sylvain Beucler
beuc at debian.org
Thu Dec 5 17:28:43 GMT 2019
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7707c2c5 by Sylvain Beucler at 2019-12-05T17:27:14Z
libav: jessie triage update
CVE-2018-19130
CVE-2017-17127
CVE-2017-18247
CVE-2017-18246
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61826,7 +61826,6 @@ CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's
NOT-FOR-US: Flarum Core
CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1 ...)
- libav <removed>
- [jessie] - libav <postponed> (cf. CVE-2017-17127)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1139
NOTE: Duplicate of CVE-2017-17127
CVE-2018-19129 (In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue i ...)
@@ -88944,12 +88943,12 @@ CVE-2018-1000137 (I, Librarian version 4.8 and earlier contains a Cross site Req
NOTE: https://github.com/mkucej/i-librarian/issues/121
CVE-2017-18247 (The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12. ...)
- libav <removed> (low)
- [jessie] - libav <ignored> (Minor issue, clean crash, not reproducible)
+ [jessie] - libav <ignored> (Minor issue, clean crash, not reproducible with 11.12)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1089
NOTE: referenced patch 27085d1b should protect direct ./avconv vectors but situation is unclear for library vectors
CVE-2017-18246 (The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows ...)
- libav <removed> (low)
- [jessie] - libav <ignored> (Minor issue, oob read, not reproducible, no patch)
+ [jessie] - libav <ignored> (Minor issue, oob read, not reproducible with 11.12, no patch)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1095
CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows rem ...)
- libav <removed>
@@ -112889,7 +112888,6 @@ CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1104
CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 all ...)
- libav <removed>
- [jessie] - libav <postponed> (no patch)
[wheezy] - libav <ignored> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099
NOTE: Duplicate of CVE-2018-19130
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7707c2c5d908fd98b741e33a2147e409ab68390c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7707c2c5d908fd98b741e33a2147e409ab68390c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191205/cc161843/attachment.html>
More information about the debian-security-tracker-commits
mailing list