[Git][security-tracker-team/security-tracker][master] milkytracker, ffmpeg fixed

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e0893e3 by Moritz Muehlenhoff at 2019-10-28T18:40:02Z
milkytracker, ffmpeg fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3058,7 +3058,7 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32
 	NOTE: https://github.com/lz4/lz4/pull/756
 	NOTE: https://github.com/lz4/lz4/pull/760
 CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
-	- ffmpeg <unfixed>
+	- ffmpeg 7:4.2.1-1
 	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	- libav <removed>
@@ -3086,7 +3086,7 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
 CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
-	- ffmpeg <unfixed> (low)
+	- ffmpeg 7:4.2.1-1 (low)
 	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	- libav <removed> (low)
@@ -11608,14 +11608,14 @@ CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/c
 	NOTE: https://www.videolan.org/security/sb-vlc308.html
 CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
 	{DLA-1961-1}
-	- milkytracker <unfixed> (bug #933964)
+	- milkytracker 1.02.00+dfsg-2 (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
 	NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
 	NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
 CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
 	{DLA-1961-1}
-	- milkytracker <unfixed> (bug #933964)
+	- milkytracker 1.02.00+dfsg-2 (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
 	NOTE: https://github.com/milkytracker/MilkyTracker/issues/183
@@ -11726,7 +11726,7 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a
 	NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
 CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a  ...)
 	{DLA-1961-1}
-	- milkytracker <unfixed> (bug #933964)
+	- milkytracker 1.02.00+dfsg-2 (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
 	NOTE: https://github.com/milkytracker/MilkyTracker/issues/184



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e0893e361535d2f97c9c851e2e4e64ba319bdcb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e0893e361535d2f97c9c851e2e4e64ba319bdcb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191028/4fb913d9/attachment.html>