[Git][security-tracker-team/security-tracker][master] Switch several git.videolan.org references to access via https
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 2 16:12:45 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e07a7463 by Salvatore Bonaccorso at 2021-06-02T17:12:13+02:00
Switch several git.videolan.org references to access via https
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8663,11 +8663,11 @@ CVE-2021-30124
RESERVED
CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec ...)
- ffmpeg <not-affected> (Only affects 4.4 development branches)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
NOTE: https://trac.ffmpeg.org/ticket/8845
NOTE: https://trac.ffmpeg.org/ticket/8863
NOTE: CVE description is wrong, this landed in 4.4 only
- NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+ NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
CVE-2021-30122
RESERVED
CVE-2021-30121
@@ -51603,9 +51603,9 @@ CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in
NOTE: https://trac.ffmpeg.org/ticket/8859
NOTE: https://trac.ffmpeg.org/ticket/8860
NOTE: Support for 22.2 / channel_config 13 introduced in:
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
- NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
- NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+ NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
+ NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...)
- libass 1:0.15.0-1
[buster] - libass <no-dsa> (Minor issue)
@@ -53784,7 +53784,7 @@ CVE-2020-24020 (Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_lay
[buster] - ffmpeg <not-affected> (Vulnerable code not present)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8718
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb
CVE-2020-24019
RESERVED
CVE-2020-24018
@@ -57760,33 +57760,33 @@ CVE-2020-22045
CVE-2020-22044 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8295
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1d479300cbe0522c233b7d51148aea2b29bd29ad
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1d479300cbe0522c233b7d51148aea2b29bd29ad
NOTE: Negligible security impact
CVE-2020-22043 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8284
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590
NOTE: Negligible security impact
CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg <unfixed> (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8267
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84
CVE-2020-22041 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8296
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3488e0977c671568731afa12b811adce9d4d807f
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3488e0977c671568731afa12b811adce9d4d807f
CVE-2020-22040 (A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memor ...)
- ffmpeg 7:4.3-2 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8283
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1a0c584abc9709b1d11dbafef05d22e0937d7d19
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1a0c584abc9709b1d11dbafef05d22e0937d7d19
CVE-2020-22039 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg 7:4.3-2 (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8302
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3
CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg <unfixed> (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8285
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013
CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
- ffmpeg <unfixed> (unimportant)
NOTE: https://trac.ffmpeg.org/ticket/8281
@@ -57794,114 +57794,114 @@ CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8261
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8262
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054
CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8236
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...)
- ffmpeg <unfixed>
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8246
NOTE: https://trac.ffmpeg.org/ticket/8241
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8275
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8243
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8276
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
NOTE: https://trac.ffmpeg.org/ticket/8250
CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
NOTE: https://trac.ffmpeg.org/ticket/8274
CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
NOTE: https://trac.ffmpeg.org/ticket/8242
CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
NOTE: https://trac.ffmpeg.org/ticket/8317
CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
NOTE: https://trac.ffmpeg.org/ticket/8260
CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <not-affected> (Introduced in 4.2)
[stretch] - ffmpeg <not-affected> (Introduced in 4.2)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3
NOTE: https://trac.ffmpeg.org/ticket/8310
CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
NOTE: https://trac.ffmpeg.org/ticket/8244
CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
NOTE: https://trac.ffmpeg.org/ticket/8264
CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
- ffmpeg <unfixed>
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
NOTE: https://trac.ffmpeg.org/ticket/8240
CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
[stretch] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8239
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...)
- ffmpeg <unfixed>
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8246
NOTE: https://trac.ffmpeg.org/ticket/8241
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
CVE-2020-22018
RESERVED
CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8309
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...)
- ffmpeg 7:4.2.2-1
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://trac.ffmpeg.org/ticket/8183
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
- ffmpeg <unfixed>
[buster] - ffmpeg <ignored> (Minor issue)
[stretch] - ffmpeg <ignored> (Minor issue)
NOTE: https://trac.ffmpeg.org/ticket/8190
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
CVE-2020-22014
RESERVED
CVE-2020-22013
@@ -75422,7 +75422,7 @@ CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_
[buster] - ffmpeg <not-affected> (Vulnerable code not present)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8716
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
CVE-2020-14211
RESERVED
CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...)
@@ -77579,7 +77579,7 @@ CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function
- vlc 3.0.11-1
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
- NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
+ NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...)
NOT-FOR-US: Victor CMS
CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...)
@@ -123168,7 +123168,7 @@ CVE-2019-15943 (vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1
NOT-FOR-US: Counter-Strike: Global Offensive
CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
- ffmpeg <not-affected> (Only affects 4.2)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an ...)
{DSA-4533-1}
- lemonldap-ng 2.0.6+ds-1
@@ -130045,7 +130045,7 @@ CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VL
{DSA-4504-1}
- vlc 3.0.8-1 (low)
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
- NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
+ NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
NOTE: https://trac.videolan.org/vlc/ticket/22240
NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the ...)
@@ -132807,7 +132807,7 @@ CVE-2019-13313 (libosinfo 1.5.0 allows local users to discover credentials by li
CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based b ...)
- ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/7980
- NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
+ NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
CVE-2019-13311 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
{DSA-4712-1}
- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
@@ -134114,7 +134114,7 @@ CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demu
{DSA-4459-1}
- vlc 3.0.7-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
CVE-2019-12873
RESERVED
CVE-2019-12872 (dotCMS before 5.1.6 is vulnerable to a SQL injection that can be explo ...)
@@ -192171,7 +192171,7 @@ CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c i
- vlc 3.0.2-1
[stretch] - vlc 3.0.2-0+deb9u1
[jessie] - vlc <not-affected> (Only affects 3.x)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8
NOTE: http://www.videolan.org/security/sa1801.html
CVE-2018-11515 (The wpForo plugin through 2018-02-05 for WordPress has SQL Injection v ...)
NOT-FOR-US: wpForo plugin for WordPress
@@ -196467,7 +196467,7 @@ CVE-2018-10002
CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
{DSA-4249-1}
- ffmpeg 7:3.4.3-1 (low)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
NOTE: Fixed in 3.2.11
@@ -196813,7 +196813,7 @@ CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg throu
- ffmpeg 7:3.4.3-1 (low)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically pr ...)
NOT-FOR-US: Open Whisper Signal app for iOS
CVE-2018-9839 (An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a ...)
@@ -226422,7 +226422,7 @@ CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to /
CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote ...)
{DSA-4049-1}
- ffmpeg 7:3.4.1-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...)
NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-16838
@@ -229844,7 +229844,7 @@ CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 a
{DSA-4049-1 DLA-1630-1}
- ffmpeg 7:3.4-1
- libav <removed>
- NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
+ NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
[experimental] - glibc 2.26-0experimental0
- glibc 2.25-3 (low; bug #879500)
@@ -244948,8 +244948,8 @@ CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x befo
{DSA-4045-1}
- vlc 2.2.6-3
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
NOTE: https://trac.videolan.org/vlc/ticket/18467
CVE-2017-10698
RESERVED
@@ -252108,22 +252108,22 @@ CVE-2017-8313 (Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 d
{DSA-3899-1}
- vlc 2.2.5-1
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c
CVE-2017-8312 (Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...)
{DSA-3899-1}
- vlc 2.2.6-1~deb9u1
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa
CVE-2017-8311 (Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...)
{DSA-3899-1}
- vlc 2.2.5-1
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...)
{DSA-3899-1}
- vlc 2.2.5.1-1~deb9u1
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows r ...)
{DLA-1497-1 DLA-1071-1 DLA-1070-1}
- qemu 1:2.8+dfsg-5 (bug #862280)
@@ -287257,7 +287257,7 @@ CVE-2016-6165
RESERVED
CVE-2016-6164 (Integer overflow in the mov_build_index function in libavformat/mov.c ...)
- ffmpeg 7:3.1.1-1
- NOTE: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823
+ NOTE: https://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823
CVE-2016-1000101
REJECTED
CVE-2016-1000100
@@ -299540,26 +299540,26 @@ CVE-2016-XXXX [Crash on bad SOAP request]
CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ...)
- ffmpeg 2.8.6-1
- libav <not-affected> (Libav not affected according to upstream)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate Ro ...)
- ffmpeg 2.8.6-1
- libav <not-affected> (Vulnerable code not present in any Libav version)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...)
- ffmpeg 2.8.6-1
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
CVE-2016-2327 (libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes i ...)
- ffmpeg 2.8.5-1
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
CVE-2016-2326 (Integer overflow in the asf_write_packet function in libavformat/asfen ...)
{DSA-3506-1}
- ffmpeg 2.8.5-1
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
CVE-2016-2325
RESERVED
CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to execut ...)
@@ -299961,7 +299961,7 @@ CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in
- ffmpeg 7:2.8.6-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan 1. ...)
- botan1.10 <not-affected> (Introduced in 1.11.10)
NOTE: Introduced in 1.11.10, fixed in 1.11.27
@@ -304089,7 +304089,7 @@ CVE-2015-8663 (The ff_get_buffer function in libavcodec/utils.c in FFmpeg before
- ffmpeg 7:2.8.4-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
NOTE: For libav in jessie the patch needs to applied in libavcodec/decode.c in line 1884.
CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg befor ...)
{DLA-1611-1}
@@ -304097,13 +304097,13 @@ CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in FFmp ...)
{DLA-1611-1}
- ffmpeg 7:2.8.3-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
CVE-2015-8658 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-8657 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
@@ -307899,7 +307899,7 @@ CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
NOTE: fix for the libav 11.9 branch: https://git.libav.org/?p=libav.git;a=commit;h=v11.9-5-g88762a0
NOTE: fix for the libav 0.8 branch: https://git.libav.org/?p=libav.git;a=commit;h=9fba59f471725e5235d5378e795ebf8b59472817
CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi. ...)
@@ -307907,14 +307907,14 @@ CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in libavcodec
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
CVE-2015-8363 (The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...)
{DLA-1611-1}
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
CVE-2015-8362 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices b ...)
NOT-FOR-US: Harman AMX
CVE-2015-8361 (Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.1 ...)
@@ -312315,44 +312315,44 @@ CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
CVE-2015-6825 (The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFm ...)
{DLA-1611-1}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626
CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before 2 ...)
{DLA-1611-2}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
CVE-2015-6823 (The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2. ...)
{DLA-1611-2}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6
CVE-2015-6822 (The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7 ...)
{DLA-1611-2 DLA-1611-1}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4
CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg be ...)
{DLA-1611-1}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1
CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7. ...)
{DLA-1611-1}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in l ...)
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
@@ -312362,7 +312362,7 @@ CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg b
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
NOTE: For libav in jessie, the patch needs to go into the decode_frame() function in libavcodec/pngdec.c
CVE-2015-6814
RESERVED
@@ -312687,7 +312687,7 @@ CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg thro
NOTE: https://code.google.com/p/chromium/issues/detail?id=532967
NOTE: Starting with 44.0.2403.157-1 chromium uses the ffmpeg system copy
NOTE: It looks like this relates to multithreaded decoding of VPx codecs, which is not implemented in the squeeze version. But I'm not sure as the second bug report is still private.
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c
CVE-2015-6760 (The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGL ...)
{DSA-3376-1}
- chromium-browser 46.0.2490.71-1
@@ -326597,7 +326597,7 @@ CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmp
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
CVE-2015-1871
RESERVED
CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-re ...)
@@ -329080,12 +329080,12 @@ CVE-2015-1209 (Use-after-free vulnerability in the VisibleSelection::nonBoundary
[squeeze] - chromium-browser <end-of-life>
CVE-2015-1208 (Integer underflow in the mov_read_default function in libavformat/mov. ...)
- ffmpeg 7:2.5.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0
CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chr ...)
{DLA-1654-1}
- ffmpeg 7:2.6.1-1
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
CVE-2015-1206 (Heap-based buffer overflow in Google Chrome before M40 allows remote a ...)
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
@@ -329561,12 +329561,12 @@ CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for
- libav 6:11.3-1 (bug #775593)
NOTE: Applies to 0.8, but in different file (utvideo.c)
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5. ...)
- ffmpeg 7:2.5.1-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits a ...)
- ffmpeg 7:2.5.1-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -332618,23 +332618,23 @@ CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FF
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...)
- libav <not-affected> (Vulnerable code not present, format not supported)
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff
CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...)
{DLA-1611-1}
- libav <removed>
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg befor ...)
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844
CVE-2014-9315
RESERVED
CVE-2014-9314
@@ -335496,45 +335496,45 @@ CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- libav 6:11.2-1 (bug #773626)
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=cee4490b521fd0d02476d46aa2598af24fb8d686
CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows rem ...)
{DSA-3189-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab
CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute i ...)
{DSA-3189-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0b39ac6f54505a538c21fe49a626de94c518c903
CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allow ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-blac ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bi ...)
{DSA-3189-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.3-1 (bug #773626)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186
CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all line ...)
{DSA-3189-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID dur ...)
{DLA-1654-1}
@@ -335542,14 +335542,14 @@ CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec I
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=88626e5af8d006e67189bf10b96b982502a7e8ad
CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550
CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 an ...)
NOT-FOR-US: Simple Email
@@ -337330,7 +337330,7 @@ CVE-2014-7937 (Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg be
- libav <not-affected> (bug #785326; can't reproduce the issue)
[jessie] - libav <not-affected> (Can't reproduce the issue)
[wheezy] - libav <not-affected> (Can't reproduce the issue)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057
CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close function in ...)
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
@@ -337351,7 +337351,7 @@ CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function i
- ffmpeg 7:2.5.1-1
[squeeze] - ffmpeg <end-of-life>
- libav 6:11.3-1
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in core/d ...)
- chromium-browser 40.0.2214.91-1
@@ -343581,13 +343581,13 @@ CVE-2014-5272 (libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
NOTE: <lu_zero> Does not apply to Libav at all.
CVE-2014-5271 (Heap-based buffer overflow in the encode_slice function in libavcodec/ ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav 6:11-1
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
NOTE: new ffmpeg now in experimental, CVE fixed in 7:2.4-1
NOTE: https://git.libav.org/?p=libav.git;a=commitdiff;h=45ce880a9b3e50cfa088f111dffaf8685bd7bc6b
CVE-2014-5262 (SQL injection vulnerability in the graph settings script (graph_settin ...)
@@ -345265,7 +345265,7 @@ CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in
CVE-2014-4610 (Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- NOTE: Fixed in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
+ NOTE: Fixed in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
CVE-2014-4609 (Integer overflow in the get_len function in libavutil/lzo.c in Libav b ...)
{DSA-2977-1}
- libav 6:10.2-1
@@ -351687,7 +351687,7 @@ CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
- libav 6:10.4-1
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9 ...)
@@ -355984,13 +355984,13 @@ CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmp
- libav 6:9.11-1
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
CVE-2012-6617 (The prepare_sdp_description function in ffserver.c in FFmpeg before 1. ...)
- libav 6:9.11-1
[wheezy] - libav <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
- ffmpeg <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=82b9799bb211ecd117171115e4a8b832c4942314
CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpe ...)
- libav <not-affected> (Vulnerable code not present in libav)
@@ -365121,7 +365121,7 @@ CVE-2013-4388 (Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4a
{DSA-2973-1}
- vlc 2.1.0-1 (bug #726528)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not prop ...)
{DLA-0015-1}
- linux-2.6 <removed>
@@ -367111,7 +367111,7 @@ CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FF
{DSA-3003-1}
- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812
CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg befo ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -367121,7 +367121,7 @@ CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -367131,7 +367131,7 @@ CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10-1
[wheezy] - libav <not-affected> (Vulnerable code not present in 0.8)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
NOTE: [Anton] not present in 0.8, 10 or master; possibly present in 9
CVE-2013-3669
RESERVED
@@ -368072,7 +368072,7 @@ CVE-2013-3246 (Stack-based buffer overflow in xnview.exe in XnView before 2.03 a
CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media P ...)
- vlc 2.0.7-1 (unimportant)
NOTE: Harmless crasher
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
NOTE: http://secunia.com/blog/372/
NOTE: http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB ...)
@@ -374871,7 +374871,7 @@ CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.6-1 (bug #717009)
NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
NOTE: Fix needed for ffmpeg 0.5
CVE-2013-0872 (The swr_init function in libswresample/swresample.c in FFmpeg before 1 ...)
- ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5)
@@ -374888,25 +374888,25 @@ CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.5-1
NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
NOTE: Fix needed in ffmpeg 0.5
CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Code in libav is different/not affect as per libav h264 maintainer)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1 ...)
{DSA-2793-1}
- ffmpeg <not-affected> (Code in 0.5 is different/not affected)
- libav 6:0.8.7-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg befor ...)
{DSA-2855-1}
@@ -374926,14 +374926,14 @@ CVE-2013-0862 (Multiple integer overflows in the process_frame_obj function in l
CVE-2013-0861 (The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg bef ...)
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
- libav <not-affected> (Affected code not present in libav 0.8.x)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
NOTE: Affects the libav version in experimental
CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpe ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.1-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg befor ...)
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
@@ -374943,14 +374943,14 @@ CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.9-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
NOTE: Fixed in 0.8.9
CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1. ...)
{DSA-2793-1}
- ffmpeg <not-affected> (IFF PBM/ILBM bitmap decoder not present in 0.5 ffmpeg)
- libav 6:9.9-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9
NOTE: Fixed in 0.8.9
CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
@@ -374958,37 +374958,37 @@ CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.10-1
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
CVE-2013-0855 (Integer overflow in the alac_decode_close function in libavcodec/alac. ...)
- ffmpeg <not-affected> (0.5 series not affected)
- libav 6:9.9-1 (bug #717009)
[wheezy] - libav <not-affected> (0.8 series not affected)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
{DSA-2793-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.8-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg be ...)
{DSA-2793-1}
- ffmpeg <not-affected> (Vulnerability introduced later)
- libav 6:0.8.8-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg ...)
{DSA-3003-1}
- ffmpeg <not-affected> (PGS subtitle decoder not present)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 a ...)
{DSA-3003-1}
- ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f9204ec56a4cf73843d1e5b8563d3584c2c05b47 (v10)
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e8ff7972064631afbdf240ec6bfd9dec30cf2ce8 (v9)
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=187cfd3c13a1deb47661486824a5b8f41e158a7a (v0.8)
@@ -374997,39 +374997,39 @@ CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg b
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.7-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg bef ...)
{DSA-2855-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.3-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1. ...)
- ffmpeg <not-affected> (Affected code not present in ffmpeg 0.5)
- libav <not-affected> (Code in libav is different, read_ttag)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in libavcode ...)
{DSA-2855-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.3-1 (bug #717009)
- NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
+ NOTE: ffmpeg commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
NOTE: Needed for ffmpeg 0.5
CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...)
{DSA-2855-1}
- ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5)
- libav 6:9.11-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
@@ -375038,7 +375038,7 @@ CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.10-1
- NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
+ NOTE: ffmpeg commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
NOTE: libav commit: https://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e
NOTE: Fixed in 0.8.9
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome befor ...)
@@ -385667,7 +385667,7 @@ CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOM
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
- vlc 2.0.2-1 (bug #680665)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...)
- hadoop <itp> (bug #535861)
@@ -387130,7 +387130,7 @@ CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in
CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg be ...)
- ffmpeg <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
- libav <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
NOTE: patch proposed: http://patches.libav.org/patch/32644/
CVE-2012-2773 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
- ffmpeg 7:2.4.1-1
@@ -395411,7 +395411,7 @@ CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in
- libav 4:0.7.3-1
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropria ...)
{DSA-2362-1}
- acpid 1:2.0.11-1
@@ -402757,14 +402757,14 @@ CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg be
- libav 4:0.6-1 (bug #628448)
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPl ...)
{DSA-2306-1}
- libav 4:0.6-1 (bug #628448)
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
NOTE: duplicate of CVE-2011-0723
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type he ...)
NOT-FOR-US: SmarterStats
CVE-2011-2158 (The SmarterTools SmarterStats 6.0 web server sends incorrect Content-T ...)
@@ -409411,7 +409411,7 @@ CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subt
CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...)
- vlc 1.1.3-1squeeze2
[lenny] - vlc <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph func ...)
- pango1.0 1.28.3-1+squeeze1 (bug #610792)
CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Dire ...)
@@ -416157,7 +416157,7 @@ CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, a
- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
[lenny] - mplayer 1.0~rc2-17+lenny3.2
- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
NOTE: DSA-2043 and DSA-2044
CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) ...)
@@ -446966,7 +446966,7 @@ CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0
{DSA-1819-1 DTSA-132-1}
- vlc 0.8.6.e-2.2 (low; bug #480724)
NOTE: https://trac.videolan.org/vlc/ticket/1578
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
CVE-2008-6339
REJECTED
CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and r ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e07a746395567ad952126dd0d43cebbfd39c2201
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e07a746395567ad952126dd0d43cebbfd39c2201
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210602/b2d6a956/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list