[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] chromium not-affected by VP9 issues

[Michael Gilbert]

Michael Gilbert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c868a63 by Michael Gilbert at 2018-02-11T03:43:35+00:00
chromium not-affected by VP9 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -944,10 +944,7 @@ CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp 
through 1.14.15 is vuln
 CVE-2018-6549
        RESERVED
 CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 
2018-02-02. If ...)
-       - chromium-browser <unfixed>
-       [stretch] - chromium-browser <postponed> (Wait until this lands in a 
Chromium release)
-       [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-       [wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS)
+       - chromium-browser <not-affected> (chromium is built with support for 
VP9 disabled in debian)
        NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
        NOTE: 
https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
 CVE-2018-6547
@@ -1380,10 +1377,7 @@ CVE-2018-6408 (An issue was discovered on Conceptronic 
CIPCAMPTIWL V3 0.61.30.21
 CVE-2018-6407 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 
0.61.30.21 ...)
        NOT-FOR-US: CIPCAMPTIWL devices
 CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc 
in ...)
-       - chromium-browser <unfixed>
-       [stretch] - chromium-browser <postponed> (Wait until this lands in a 
Chromium release)
-       [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-       [wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS)
+       - chromium-browser <not-affected> (chromium is built with support for 
VP9 disabled in debian)
        NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
        NOTE: 
https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
 CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick 
before ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c868a631dc8768eab552ca5010afe9bb5638dd5

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c868a631dc8768eab552ca5010afe9bb5638dd5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits