[Git][security-tracker-team/security-tracker][master] CVE-2019-14371/libav: fixed through CVE-2018-11102

Sylvain Beucler beuc at debian.org
Thu Nov 14 19:25:05 GMT 2019 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a51f30c by Sylvain Beucler at 2019-11-14T19:24:26Z
CVE-2019-14371/libav: fixed through CVE-2018-11102

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16206,8 +16206,10 @@ CVE-2019-14372 (In Libav 12.3, there is an infinite loop in the function wv_read
 	- libav <removed>
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1165
 CVE-2019-14371 (An issue was discovered in Libav 12.3. There is an infinite loop in th ...)
+	{DLA-1907-1}
 	- libav <removed>
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1163
+	NOTE: fixed through CVE-2018-11102 / https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/7abf394814d818973db562102f21ab9d10540840
 CVE-2019-14370 (In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage: ...)
 	- exiv2 <unfixed>
 	[jessie] - exiv2 <not-affected> (poc not triggered with asan/valgrind, different MemIo::seek bound check)


=====================================
data/DLA/list
=====================================
@@ -260,7 +260,7 @@
 [02 Sep 2019] DLA-1908-1 pump - security update
 	[jessie] - pump 0.8.24-7+deb8u1
 [31 Aug 2019] DLA-1907-1 libav - security update
-	{CVE-2017-9987 CVE-2018-5766 CVE-2018-11102 CVE-2019-14372 CVE-2019-14442}
+	{CVE-2017-9987 CVE-2018-5766 CVE-2018-11102 CVE-2019-14372 CVE-2019-14442 CVE-2019-14371}
 	[jessie] - libav 6:11.12-1~deb8u8
 [31 Aug 2019] DLA-1906-1 python2.7 - security update
 	{CVE-2018-20852}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a51f30c07c64efb5272d253179611aaa3b5d68f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a51f30c07c64efb5272d253179611aaa3b5d68f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191114/ce3e5af1/attachment.html>

More information about the debian-security-tracker-commits mailing list