[Git][security-tracker-team/security-tracker][master] automatic update

Sun Mar 31 09:11:03 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74dc6d16 by security tracker role at 2019-03-31T08:10:55Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40730,7 +40730,7 @@ CVE-2018-1999013 (FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0
 	[jessie] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f
 CVE-2018-1999012 (FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ...)
-	{DSA-4249-1}
+	{DSA-4249-1 DLA-1740-1}
 	- ffmpeg 7:4.0.2-1
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e
@@ -63139,7 +63139,7 @@ CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! v
 CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-17 ...)
 	NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg thro ...)
-	{DSA-4249-1}
+	{DSA-4249-1 DLA-1740-1}
 	- ffmpeg 7:3.4.2-1
 	- libav <removed>
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
@@ -67963,6 +67963,7 @@ CVE-2017-1000462 (BookStack version 0.18.4 is vulnerable to stored cross-site sc
 CVE-2017-1000461 (Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulne ...)
 	- brave-browser <itp> (bug #864795)
 CVE-2017-1000460 (In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chr ...)
+	{DLA-1740-1}
 	- libav <removed>
 	- ffmpeg 7:3.1.1-1
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=952
@@ -91543,7 +91544,7 @@ CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an E
 	[jessie] - libav <not-affected> (vulnerable code is not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
 CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not  ...)
-	{DSA-3996-1}
+	{DSA-3996-1 DLA-1740-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
@@ -183323,7 +183324,7 @@ CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Fo
 CVE-2015-1873
 	RESERVED
 CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg be ...)
-	{DLA-644-1}
+	{DLA-1740-1 DLA-644-1}
 	- ffmpeg 7:2.5.4-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74dc6d16b9e414f8fcc659f6cca0a54354c671c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74dc6d16b9e414f8fcc659f6cca0a54354c671c9
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190331/f1964e95/attachment-0001.html>
