[Git][security-tracker-team/security-tracker][master] 2 commits: data/CVE/list: Mark libav in jessie as <not-affected> by CVE-2018-13301.

Mike Gabriel sunweaver at debian.org
Tue Jan 22 21:37:05 GMT 2019


Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acc16c4d by Mike Gabriel at 2019-01-22T21:36:31Z
data/CVE/list: Mark libav in jessie as <not-affected> by CVE-2018-13301.

- - - - -
101c291e by Mike Gabriel at 2019-01-22T21:36:31Z
Reserve DLA-1638-1 for libjpeg-turbo

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -32538,6 +32538,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value befor
 	- ffmpeg 7:4.0.2-1 (low)
 	[stretch] - ffmpeg <not-affected> (3.2.x not affected)
 	- libav <removed>
+	[jessie] - libav <not-affected> (Vulnerable code path not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
 	NOTE: It looks like Jessie is not affected but we need the reproducer to confirm this assumption.
 CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ...)
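Review bot: the added `[jessie] - libav <not-affected> (Vulnerable code path not present)` line states the result as settled, but the NOTE two lines below it still reads "It looks like Jessie is not affected but we need the reproducer to confirm this assumption." Either drop or reword that NOTE in the same commit, or add a NOTE recording how the absence of the code path was established (for example by comparing the jessie source against the linked FFmpeg commit), so the entry does not contradict itself.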


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Jan 2019] DLA-1638-1 libjpeg-turbo - security update
+	{CVE-2016-3616 CVE-2018-1152 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214}
+	[jessie] - libjpeg-turbo 1:1.3.1-12+deb8u1
 [22 Jan 2019] DLA-1637-1 apt - security update
 	{CVE-2019-3462}
 	[jessie] - apt 1.0.9.8.5
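Review bot: the commit message "Reserve DLA-1638-1 for libjpeg-turbo" names neither the five CVE ids in the `{...}` line nor the version `1:1.3.1-12+deb8u1`, so this hunk is the only record of both. Please check that the id list matches the changelog of that upload exactly, and consider listing the CVEs in the commit message so the advisory can be found from the log.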


=====================================
data/dla-needed.txt
=====================================
@@ -67,9 +67,6 @@ krb5 (Thorsten Alteholz)
 --
 libav (Mike Gabriel)
 --
-libjpeg-turbo (Mike Gabriel)
-  NOTE: 20190121: as Mike is an Uploader:, probably he wants to do this ...
---
 libraw (Abhijith PA)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also
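Review bot: the `libav (Mike Gabriel)` entry in the context lines stays in dla-needed.txt while the first commit of this push marks libav in jessie as not affected by CVE-2018-13301. If other libav issues are still open for jessie, a short NOTE under that entry saying so would make clear why it remains; if not, the entry can be removed together with the libjpeg-turbo one.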



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7318a958a8e5a8b392bd859398cc965203ade457...101c291e0c3fdda15a462cc8b06129bbc46b180e
