[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
74dc6d16 by security tracker role at 2019-03-31T08:10:55Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40730,7 +40730,7 @@ CVE-2018-1999013 (FFmpeg before commit 
a7e032a277452366771951e29fd0bf2bd5c029f0
        [jessie] - libav <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f
 CVE-2018-1999012 (FFmpeg before commit 
9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ...)
-       {DSA-4249-1}
+       {DSA-4249-1 DLA-1740-1}
        - ffmpeg 7:4.0.2-1
        - libav <removed>
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e
@@ -63139,7 +63139,7 @@ CVE-2018-6394 (SQL Injection exists in the InviteX 
3.0.5 component for Joomla! v
 CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 
(SNG7-PBX-64bit-17 ...)
        NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in 
FFmpeg thro ...)
-       {DSA-4249-1}
+       {DSA-4249-1 DLA-1740-1}
        - ffmpeg 7:3.4.2-1
        - libav <removed>
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
@@ -67963,6 +67963,7 @@ CVE-2017-1000462 (BookStack version 0.18.4 is 
vulnerable to stored cross-site sc
 CVE-2017-1000461 (Brave Software's Brave Browser, version 0.19.73 (and 
earlier) is vulne ...)
        - brave-browser <itp> (bug #864795)
 CVE-2017-1000460 (In line libavcodec/h264dec.c:500 in libav(v13_dev0), 
ffmpeg(n3.4), chr ...)
+       {DLA-1740-1}
        - libav <removed>
        - ffmpeg 7:3.1.1-1
        NOTE: https://bugzilla.libav.org/show_bug.cgi?id=952
@@ -91543,7 +91544,7 @@ CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in 
cine_read_header() due to lack of an E
        [jessie] - libav <not-affected> (vulnerable code is not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
 CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c 
does not  ...)
-       {DSA-3996-1}
+       {DSA-3996-1 DLA-1740-1}
        - ffmpeg 7:3.3.4-1 (low)
        - libav <removed>
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
@@ -183323,7 +183324,7 @@ CVE-2015-1874 (Cross-site request forgery (CSRF) 
vulnerability in the Contact Fo
 CVE-2015-1873
        RESERVED
 CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in 
FFmpeg be ...)
-       {DLA-644-1}
+       {DLA-1740-1 DLA-644-1}
        - ffmpeg 7:2.5.4-1
        [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
        - libav <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/74dc6d16b9e414f8fcc659f6cca0a54354c671c9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/74dc6d16b9e414f8fcc659f6cca0a54354c671c9
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits