[Git][security-tracker-team/security-tracker][master] 4 commits: data/dla-needed.txt: update status of qemu.

Tue May 28 15:23:49 BST 2019


Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e4f3aca by Mike Gabriel at 2019-05-28T14:23:28Z
data/dla-needed.txt: update status of qemu.

- - - - -
d0698db6 by Mike Gabriel at 2019-05-28T14:23:29Z
data/CVE/list: libav in jessie not affected by CVE-2019-9721.

- - - - -
bdd2df27 by Mike Gabriel at 2019-05-28T14:23:30Z
Markt libav in jessie being not-affected by CVE-2019-9718.

- - - - -
bb28d04b by Mike Gabriel at 2019-05-28T14:23:31Z
data/CVE/list: libav in Debian (jessie only) is affected by CVE-2019-11338.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2546,7 +2546,7 @@ CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmp
 CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...)
 	{DSA-4449-1}
 	- ffmpeg 7:4.1.3-1
-	- libav <undetermined>
+	- libav <unfixed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
 CVE-2019-11337
 	RESERVED
@@ -7309,7 +7309,8 @@ CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows
 	- ffmpeg 7:4.1.3-1 (bug #926666)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
-	- libav <undetermined>
+	- libav <unfixed>
+	[jessie] - libav <not-affected> (Vulnerable code not present)
 CVE-2019-9720
 	RESERVED
 CVE-2019-9719
@@ -7318,7 +7319,8 @@ CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows
 	{DSA-4449-1}
 	- ffmpeg 7:4.1.3-1 (low; bug #926666)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
-	- libav <undetermined>
+	- libav <unfixed>
+	[jessie] - libav <not-affected> (Vulnerable code not present)
 CVE-2019-9717
 	RESERVED
 CVE-2019-9716


=====================================
data/dla-needed.txt
=====================================
@@ -101,6 +101,10 @@ python3.4 (Roberto C. Sánchez)
   NOTE: 20190519: Patches integrated for CVE-2018-14647, CVE-2019-9636, CVE-2019-9947 and CVE-2019-9740 (roberto)
 --
 qemu (Mike Gabriel)
+  NOTE: 20190528: An upload candidate is waiting for being tested on real hardware.
+  NOTE: 20190528: Still need to set up a notebook with jessie installed for testing.
+  NOTE: 20190528: Will also mail a request for testing to the mailing list later
+  NOTE: 20190528: today.
 --
 ruby-omniauth (Abhijith PA)
   NOTE: CVE-2015-9284: The vulnerability is rathar bad, especially in combination with other



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/20aa21dd5878114e3568e6ce11a7c957304d2fb1...bb28d04b7b37a919d8863859c40d3f2453713f0a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/20aa21dd5878114e3568e6ce11a7c957304d2fb1...bb28d04b7b37a919d8863859c40d3f2453713f0a
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190528/afdd9c82/attachment.html>
