Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 976c6b42 by Sylvain Beucler at 2019-11-14T20:57:46Z CVE-2019-9717,CVE-2019-9719,CVE-2019-9720/libav: unimportant/undetermined - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -30893,8 +30893,16 @@ CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows [jessie] - libav <not-affected> (Vulnerable code not present) CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...) - libav <removed> + [jessie] - libav <unfixed> (unimportant) + NOTE: Actual vulnerability description is (https://lgtm.com/security/): + NOTE: "Denial of service due to quadratic call to strstr in srtdec.c" + NOTE: Using strstr is not an actual DoS + NOTE: Conflict of interest: mass CVE filling using code analysis tool sold by finder CVE-2019-9719 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...) - libav <removed> + [jessie] - libav <undetermined> + NOTE: Generic low-certainty warning about snprintf usage without rationale + NOTE: Conflict of interest: mass CVE filling using code analysis tool sold by finder CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...) {DSA-4449-1} - ffmpeg 7:4.1.3-1 (low; bug #926666) @@ -30903,6 +30911,9 @@ CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows [jessie] - libav <not-affected> (Vulnerable code not present) CVE-2019-9717 (In Libav 12.3, a denial of service in the subtitle decoder allows atta ...) - libav <removed> + [jessie] - libav <unfixed> (unimportant) + NOTE: Non-trivial sscanf format is not an actual DoS + NOTE: Conflict of interest: mass CVE filling using code analysis tool sold by finder CVE-2019-9716 RESERVED CVE-2019-9715 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/976c6b42f5b925f48752467fa033f3312d5f1d07 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/976c6b42f5b925f48752467fa033f3312d5f1d07 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits