[Git][security-tracker-team/security-tracker][master] libav: tidy updated vulnerabilities
Sylvain Beucler
beuc at debian.org
Sat Nov 23 11:05:26 GMT 2019
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a18936e by Sylvain Beucler at 2019-11-23T11:03:10Z
libav: tidy updated vulnerabilities
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16694,9 +16694,9 @@ CVE-2019-14442 (In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an inpu
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1159
CVE-2019-14441 (** DISPUTED ** An issue was discovered in Libav 12.3. An access violat ...)
- libav <removed>
- [jessie] - libav <postponed> (no patch, ffmpeg backport fails, sent info upstream)
+ [jessie] - libav <postponed> (cf. CVE-2018-19129)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
- NOTE: Duplicate of CVE-2019-19129
+ NOTE: Duplicate of CVE-2018-19129
CVE-2019-14440
RESERVED
CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
@@ -31611,7 +31611,7 @@ CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 12
NOTE: "Denial of service due to quadratic call to strstr in srtdec.c"
NOTE: Using strstr is not an actual DoS
CVE-2019-9719 (** DISPUTED ** A stack-based buffer overflow in the subtitle decoder i ...)
- - libav <undetermined>
+ - libav <unfixed> (unimportant)
NOTE: Generic low-certainty warning about snprintf usage without rationale
CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...)
{DSA-4449-1}
@@ -59169,12 +59169,12 @@ CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's
NOT-FOR-US: Flarum Core
CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1 ...)
- libav <removed>
- [jessie] - libav <ignored> (cf. CVE-2017-17127)
+ [jessie] - libav <postponed> (cf. CVE-2017-17127)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1139
NOTE: Duplicate of CVE-2017-17127
CVE-2018-19129 (In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue i ...)
- libav <removed>
- [jessie] - libav <postponed> (cf. CVE-2019-14441)
+ [jessie] - libav <postponed> (no patch, ffmpeg backport fails, sent info upstream)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1138
NOTE: Duplicate of CVE-2019-14441
CVE-2018-19128 (In Libav 12.3, there is a heap-based buffer over-read in decode_frame ...)
@@ -110204,9 +110204,10 @@ CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1104
CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 all ...)
- libav <removed>
- [jessie] - libav <ignored> (Minor issue)
+ [jessie] - libav <postponed> (no patch)
[wheezy] - libav <ignored> (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099
+ NOTE: Duplicate of CVE-2018-19130
CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 al ...)
[experimental] - binutils 2.29.51.20171208-1
- binutils 2.29.90.20180122-1 (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a18936ef3f72e2bee5052f7bd803837785b8433
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a18936ef3f72e2bee5052f7bd803837785b8433
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191123/b41c03c4/attachment.html>
More information about the debian-security-tracker-commits
mailing list