[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Aug 27 22:58:20 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1cf1c4ed by Moritz Mühlenhoff at 2021-08-27T23:58:09+02:00
NFUs
don't associate libav issues with ffmpeg, libav is an abandoned code base
 and ffmpeg handles all these just fine

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80465,13 +80465,16 @@ CVE-2020-18780
 CVE-2020-18779
 	RESERVED
 CVE-2020-18778 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_ ...)
-	TODO: check
+	- libav <removed>
+	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1155
 CVE-2020-18777
 	RESERVED
 CVE-2020-18776 (In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr  ...)
-	TODO: check
+	- libav <removed>
+	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1153
 CVE-2020-18775 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_ ...)
-	TODO: check
+	- libav <removed>
+	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1152
 CVE-2020-18774 (A float point exception in the printLong function in tags_int.cpp of E ...)
 	- exiv2 <unfixed> (unimportant)
 	NOTE: https://github.com/Exiv2/exiv2/issues/759
@@ -80557,9 +80560,9 @@ CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS vulner
 CVE-2020-18736
 	RESERVED
 CVE-2020-18735 (A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS ...)
-	TODO: check
+	NOT-FOR-US: Eclipse IOT Cyclone
 CVE-2020-18734 (A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS ...)
-	TODO: check
+	NOT-FOR-US: Eclipse IOT Cyclone
 CVE-2020-18733
 	RESERVED
 CVE-2020-18732



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cf1c4ed3654a46c110c1f68d9195e0998c79dd8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cf1c4ed3654a46c110c1f68d9195e0998c79dd8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210827/7e2c497d/attachment.htm>

More information about the debian-security-tracker-commits mailing list