[Git][security-tracker-team/security-tracker][master] 2 commits: data/CVE/list: Mark libav in jessie as by CVE-2018-13301.

Tue, 22 Jan 2019 13:37:21 -0800 

Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
acc16c4d by Mike Gabriel at 2019-01-22T21:36:31Z
data/CVE/list: Mark libav in jessie as <not-affected> by CVE-2018-13301.

- - - - -
101c291e by Mike Gabriel at 2019-01-22T21:36:31Z
Reserve DLA-1638-1 for libjpeg-turbo

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -32538,6 +32538,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check 
of a profile value befor
        - ffmpeg 7:4.0.2-1 (low)
        [stretch] - ffmpeg <not-affected> (3.2.x not affected)
        - libav <removed>
+       [jessie] - libav <not-affected> (Vulnerable code path not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
        NOTE: It looks like Jessie is not affected but we need the reproducer 
to confirm this assumption.
 CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) 
passed to the ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Jan 2019] DLA-1638-1 libjpeg-turbo - security update
+       {CVE-2016-3616 CVE-2018-1152 CVE-2018-11212 CVE-2018-11213 
CVE-2018-11214}
+       [jessie] - libjpeg-turbo 1:1.3.1-12+deb8u1
 [22 Jan 2019] DLA-1637-1 apt - security update
        {CVE-2019-3462}
        [jessie] - apt 1.0.9.8.5


=====================================
data/dla-needed.txt
=====================================
@@ -67,9 +67,6 @@ krb5 (Thorsten Alteholz)
 --
 libav (Mike Gabriel)
 --
-libjpeg-turbo (Mike Gabriel)
-  NOTE: 20190121: as Mike is an Uploader:, probably he wants to do this ...
---
 libraw (Abhijith PA)
   NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
   NOTE: especially those that are still marked vulnerable in Stretch but also



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/7318a958a8e5a8b392bd859398cc965203ade457...101c291e0c3fdda15a462cc8b06129bbc46b180e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/7318a958a8e5a8b392bd859398cc965203ade457...101c291e0c3fdda15a462cc8b06129bbc46b180e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to