[Git][security-tracker-team/security-tracker][master] 3 commits: data/CVE/list: Mark libav in jessie as not affected by CVE-2017-11719.

Tue Jan 22 15:25:38 GMT 2019

Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c7f5f45 by Mike Gabriel at 2019-01-22T15:24:29Z
data/CVE/list: Mark libav in jessie as not affected by CVE-2017-11719.

- - - - -
43b33519 by Mike Gabriel at 2019-01-22T15:24:30Z
data/CVE/list: Mark libav in jessie not affected by CVE-2017-14225.

- - - - -
60ec43ca by Mike Gabriel at 2019-01-22T15:25:15Z
data/dla-needed.txt: Claim libjpeg-turbo.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -79483,7 +79483,8 @@ CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and ...)
 CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
+	[jessie] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
 CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ...)
 	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
@@ -86929,6 +86930,7 @@ CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFm
 	{DSA-3957-1}
 	- ffmpeg 7:3.3.3-1
 	- libav <removed>
+	[jessie] - libav <not-affected> (Issue only present in ffmpeg since 6f1ccca4)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92
 	NOTE: Fixed in 3.2.7
 CVE-2017-11718 (There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl ...)


=====================================
data/dla-needed.txt
=====================================
@@ -67,7 +67,7 @@ krb5 (Thorsten Alteholz)
 --
 libav (Mike Gabriel)
 --
-libjpeg-turbo
+libjpeg-turbo (Mike Gabriel)
   NOTE: 20190121: as Mike is an Uploader:, probably he wants to do this ...
 --
 libraw (Abhijith PA)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/51a86f828b2084e1e555bb53da14da0cfa0c3382...60ec43ca999cc91d7a6c671caef2f13f46328b17

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/51a86f828b2084e1e555bb53da14da0cfa0c3382...60ec43ca999cc91d7a6c671caef2f13f46328b17
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190122/885e541b/attachment.html>
