Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits: acc16c4d by Mike Gabriel at 2019-01-22T21:36:31Z data/CVE/list: Mark libav in jessie as <not-affected> by CVE-2018-13301. - - - - - 101c291e by Mike Gabriel at 2019-01-22T21:36:31Z Reserve DLA-1638-1 for libjpeg-turbo - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -32538,6 +32538,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value befor - ffmpeg 7:4.0.2-1 (low) [stretch] - ffmpeg <not-affected> (3.2.x not affected) - libav <removed> + [jessie] - libav <not-affected> (Vulnerable code path not present) NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b NOTE: It looks like Jessie is not affected but we need the reproducer to confirm this assumption. CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ...) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[22 Jan 2019] DLA-1638-1 libjpeg-turbo - security update + {CVE-2016-3616 CVE-2018-1152 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214} + [jessie] - libjpeg-turbo 1:1.3.1-12+deb8u1 [22 Jan 2019] DLA-1637-1 apt - security update {CVE-2019-3462} [jessie] - apt 1.0.9.8.5 ===================================== data/dla-needed.txt ===================================== @@ -67,9 +67,6 @@ krb5 (Thorsten Alteholz) -- libav (Mike Gabriel) -- -libjpeg-turbo (Mike Gabriel) - NOTE: 20190121: as Mike is an Uploader:, probably he wants to do this ... --- libraw (Abhijith PA) NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too, NOTE: especially those that are still marked vulnerable in Stretch but also View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7318a958a8e5a8b392bd859398cc965203ade457...101c291e0c3fdda15a462cc8b06129bbc46b180e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7318a958a8e5a8b392bd859398cc965203ade457...101c291e0c3fdda15a462cc8b06129bbc46b180e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits