[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-32229 as only affecting experimental
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 32836b8b by Sebastian Ramacher at 2024-07-07T19:28:14+02:00 Mark CVE-2024-32229 as only affecting experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -772,7 +772,10 @@ CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative NOTE: https://trac.ffmpeg.org/ticket/10952 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandsh ...) - - ffmpeg + [experimental] - ffmpeg + - ffmpeg (vulnerable code introduced later) + [bookworm] - ffmpeg (vulnerable code introduced later) + [bullseye] - ffmpeg (vulnerable code introduced later) NOTE: https://trac.ffmpeg.org/ticket/10950 CVE-2024-32228 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavc ...) - ffmpeg View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32836b8b9f0416f05b80425822dc5c0724699866 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32836b8b9f0416f05b80425822dc5c0724699866 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
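Review bot: The three added lines for CVE-2024-32229 (unstable, [bookworm], [bullseye]) all say "vulnerable code introduced later", but the only NOTE on the entry is the trac ticket. Add a NOTE naming the upstream commit that introduced the affected code, so the unversioned unstable line can be re-checked when a newer ffmpeg moves out of experimental. The context also shows CVE-2024-32228, reported against FFmpeg 7.0 as well, still with a bare "- ffmpeg" line; confirm whether it needs the same triage.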
[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-3405 as fixed in libebml/1.4.2-1
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: f80abbd7 by Sebastian Ramacher at 2021-02-21T15:43:30+01:00 Mark CVE-2021-3405 as fixed in libebml/1.4.2-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -881,7 +881,7 @@ CVE-2021-3406 RESERVED CVE-2021-3405 RESERVED - - libebml (bug #982597) + - libebml 1.4.2-1 (bug #982597) NOTE: https://github.com/Matroska-Org/libebml/issues/74 CVE-2021-27104 (Accellion FTA 9_12_370 and earlier is affected by OS command execution ...) NOT-FOR-US: Accellion FTA View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f80abbd71d42ddec01279b64de496e2bc199cb30
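Review bot: The CVE-2021-3405 entry now names libebml 1.4.2-1 as the fixed version, but its only NOTE is the upstream issue (Matroska-Org/libebml/issues/74). A second NOTE with the upstream fixing commit would let stable triage check whether older releases need a backport.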
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-35738 as fixed in wavpack 5.3.0-2
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: db5e1d5a by Sebastian Ramacher at 2020-12-30T10:57:40+01:00 Mark CVE-2020-35738 as fixed in wavpack 5.3.0-2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -245,7 +245,7 @@ CVE-2020-35740 CVE-2020-35739 RESERVED CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack ...) - - wavpack (bug #978548) + - wavpack 5.3.0-2 (bug #978548) NOTE: https://github.com/dbry/WavPack/issues/91 CVE-2020-35737 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db5e1d5a1d9e3fca76f337c5d88a45eeb7d600b4
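Review bot: The fixed version on the changed line, 5.3.0-2, is a Debian revision of the same upstream 5.3.0 that the CVE-2020-35738 description names as vulnerable, so the fix is carried as a patch in the packaging, yet the only NOTE is the upstream issue. Add a NOTE with the upstream commit the patch was taken from, so the fix can be located without unpacking the source package.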
[Git][security-tracker-team/security-tracker][master] CVE-2020-13428 fixed in vlc 3.0.11-1
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: c4d55e5d by Sebastian Ramacher at 2020-06-15T23:31:09+02:00 CVE-2020-13428 fixed in vlc 3.0.11-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1774,7 +1774,7 @@ CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datas CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...) NOT-FOR-US: piechart-panel plugin for Grafana CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...) - - vlc + - vlc 3.0.11-1 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4d55e5d70f547900bea19b85565744e6f2622c8
[Git][security-tracker-team/security-tracker][master] embedded-code-copies: add libdvdread and libdvdnav
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: dfecabe2 by Sebastian Ramacher at 2020-05-26T20:17:58+02:00 embedded-code-copies: add libdvdread and libdvdnav - - - - - 1 changed file: - data/embedded-code-copies Changes: = data/embedded-code-copies = @@ -3530,3 +3530,9 @@ libinih ndpi - ntop (modified-embed) + +libdvdread + - kodi (modified-embed) + +libdvdnav + - kodi (modified-embed) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfecabe2ad6fd1a6066ceb2ca9ba35a526100f52
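Review bot: Both new stanzas list kodi as "(modified-embed)" without a NOTE saying where the copies live in the kodi source or how they differ from upstream libdvdread and libdvdnav. A short NOTE per stanza would tell whoever triages a libdvdread or libdvdnav CVE whether the upstream patch is expected to apply to kodi's copy.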
[Git][security-tracker-team/security-tracker][master] CVE-2019-13390 fixed in ffmpeg 7:4.2.1-1
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 290cf571 by Sebastian Ramacher at 2019-11-23T14:33:05Z CVE-2019-13390 fixed in ffmpeg 7:4.2.1-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20428,7 +20428,7 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch NOTE: which seems to be the actual patch for this issue. CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...) - - ffmpeg (low; bug #932535) + - ffmpeg 7:4.2.1-1 (low; bug #932535) [buster] - ffmpeg (Minor issue, wait until fixed in 4.1.x branch) [stretch] - ffmpeg (Minor issue, wait until fixed in 3.2.x branch) CVE-2019-13389 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/290cf571c276f96f11b9a190bc3efcf2abf1b76f
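Review bot: The CVE-2019-13390 entry gets a fixed version but, as far as the hunk shows, has no NOTE naming the upstream fix, while the [buster] and [stretch] lines below it both defer to a future 4.1.x or 3.2.x point release. Recording the fixing commit in a NOTE would make it possible to check those branches when the point releases arrive.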
[Git][security-tracker-team/security-tracker][master] Mark another CVE fixed in vlc 3.0.8
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 4447259c by Sebastian Ramacher at 2019-08-20T18:41:27Z Mark another CVE fixed in vlc 3.0.8 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -902,6 +902,7 @@ CVE-2019-14971 RESERVED CVE-2019-14970 RESERVED + - vlc 3.0.8-1 CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\N ...) NOT-FOR-US: Netwrix Auditor CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection via the i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4447259ccc8b554cb426b3f561b35a86b9f5e571
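Review bot: The added "- vlc 3.0.8-1" line under CVE-2019-14970 has nothing to tie it to an upstream issue: the CVE is still RESERVED, so there is no description, and no NOTE line accompanies the entry. Add a NOTE with the VLC advisory or fixing commit, and name the CVE id in the commit subject, which currently says only "another CVE".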
[Git][security-tracker-team/security-tracker][master] CVE-2019-13602 fixed in vlc 3.0.7.1-2
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 1bc12283 by Sebastian Ramacher at 2019-07-15T18:48:35Z CVE-2019-13602 fixed in vlc 3.0.7.1-2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2019-13604 CVE-2019-13603 RESERVED CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...) - - vlc (bug #932131) + - vlc 3.0.7.1-2 (bug #932131) NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491 NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938 CVE-2019-13601 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bc12283d2a751f12ce414f6689cfc30cac12a31
[Git][security-tracker-team/security-tracker][master] Mark some ffmpeg issues as fixed
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 65383bd2 by Sebastian Ramacher at 2019-05-19T15:58:18Z Mark some ffmpeg issues as fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1942,11 +1942,11 @@ CVE-2019-11341 CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registrati ...) NOT-FOR-US: Matrix Sydent CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...) - - ffmpeg + - ffmpeg 7:4.1.3-1 NOTE: https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb NOTE: https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...) - - ffmpeg + - ffmpeg 7:4.1.3-1 NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e CVE-2019-11337 RESERVED @@ -6618,7 +6618,7 @@ CVE-2019-9723 CVE-2019-9722 RESERVED CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows attac ...) - - ffmpeg (bug #92) + - ffmpeg 7:4.1.3-1 (bug #92) [stretch] - ffmpeg (Vulnerable code not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65 CVE-2019-9720 
@@ -6626,7 +6626,7 @@ CVE-2019-9720 CVE-2019-9719 RESERVED CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...) - - ffmpeg (low; bug #92) + - ffmpeg 7:4.1.3-1 (low; bug #92) [stretch] - ffmpeg (Wait until fixed in 3.2.x release) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982 CVE-2019-9717 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65383bd2281dfd2a3638e1b47d056578e11ea57b
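Review bot: In the hunks at -6618 and -6626, the bug reference "(bug #92)" is carried unchanged into the fixed lines for both CVE-2019-9721 and CVE-2019-9718. A two-digit number looks truncated for a Debian bug filed against FFmpeg 4.1; confirm the number and correct it in the same commit so both entries link to the right report.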
[Git][security-tracker-team/security-tracker][master] CVE-2019-11498 fixed in wavpack/5.1.0-6
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 6216cf7b by Sebastian Ramacher at 2019-04-28T21:44:29Z CVE-2019-11498 fixed in wavpack/5.1.0-6 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -178,7 +178,7 @@ CVE-2019-11500 CVE-2019-11499 RESERVED CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...) - - wavpack (bug #927903) + - wavpack 5.1.0-6 (bug #927903) NOTE: https://github.com/dbry/WavPack/issues/67 NOTE: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4 CVE-2019-11497 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6216cf7bdcae3578c5211d46388fad37d4256b1e
[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-6256 as fixed in liblivemedia/2018.11.26-1
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 9986a399 by Sebastian Ramacher at 2019-01-18T15:02:54Z Mark CVE-2019-6256 as fixed in liblivemedia/2018.11.26-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -597,7 +597,7 @@ CVE-2019-6258 CVE-2019-6257 (A Server Side Request Forgery (SSRF) vulnerability in elFinder before ...) NOT-FOR-US: elFinder CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 Streaming Media ...) - - liblivemedia (bug #919529) + - liblivemedia 2018.11.26-1 (bug #919529) NOTE: https://github.com/rgaufman/live555/issues/19 CVE-2019-6255 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9986a3993f57ca287e02521cfa290d864ef14203
[Git][security-tracker-team/security-tracker][master] Mark wavpack as fixed
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 58676331 by Sebastian Ramacher at 2018-12-05T11:48:59Z Mark wavpack as fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32,13 +32,13 @@ CVE-2018-19842 (getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allo NOTE: https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432 NOTE: https://github.com/radare/radare2/issues/12239 CVE-2018-19841 (The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a ...) - - wavpack (bug #915565) + - wavpack 5.1.0-5 (bug #915565) [stretch] - wavpack (Minor issue) [jessie] - wavpack (Minor issue) NOTE: https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b NOTE: https://github.com/dbry/WavPack/issues/54 CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack ...) - - wavpack (bug #915564) + - wavpack 5.1.0-5 (bug #915564) [stretch] - wavpack (Minor issue) [jessie] - wavpack (Minor issue) NOTE: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5867633100a8b848b02b03cb74c57685e849a429
[Git][security-tracker-team/security-tracker][master] Triage CVE-2018-13305
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 1eb2c9fc by Sebastian Ramacher at 2018-09-03T20:41:38Z Triage CVE-2018-13305 Vulnerable code was not part of any release. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7353,10 +7353,11 @@ CVE-2018-13307 CVE-2018-13306 RESERVED CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of the ...) - - ffmpeg + - ffmpeg (Vulnerable code not present) [stretch] - ffmpeg (Vulnerable code not present) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4#commitcomment-30094223 CVE-2018-13304 (In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency ...) - ffmpeg 7:4.0.2-1 [stretch] - ffmpeg (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1eb2c9fc59a701dca46c08f2dc32457a94f2a962
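Review bot: The "- libav" context line below the changed ffmpeg line for CVE-2018-13305 is left without any status, although the commit message says the vulnerable code was never in a release. If that reasoning covers libav too, annotate that line in the same commit; if not, a NOTE saying why would help. The added NOTE also repeats the URL of the existing one with only a "#commitcomment-30094223" suffix, so a word on what that comment establishes would make the second NOTE self-explanatory.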
[Git][security-tracker-team/security-tracker][master] ffmpeg fixed in experimental
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: c62da7df by Sebastian Ramacher at 2018-07-11T20:21:51+02:00 ffmpeg fixed in experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3318,14 +3318,16 @@ CVE-2018-12462 (NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. .. CVE-2018-12461 (Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking ...) TODO: check CVE-2018-12460 (libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the ...) - [experimental] - ffmpeg (low) + [experimental] - ffmpeg 7:4.0.1-1 (low) - ffmpeg (Introduced after 3.4) NOTE: https://github.com/FFmpeg/FFmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d CVE-2018-12459 (An inconsistent bits-per-sample value in the ...) + [experimental] - ffmpeg 7:4.0.1-1 (low) - ffmpeg (low) [stretch] - ffmpeg (Can be fixed when new 3.2.x release fixes it) NOTE: https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in ...) + [experimental] - ffmpeg 7:4.0.1-1 (low) - ffmpeg 7:3.4.3-1 (low) [stretch] - ffmpeg (Can be fixed when new 3.2.x release fixes it) NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c62da7df068c3e0a12d8a70148313429e2f7faa0
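Review bot: For CVE-2018-12458 the added "[experimental] - ffmpeg 7:4.0.1-1 (low)" sits above an unstable line that is already marked fixed in 7:3.4.3-1, a lower version, so the experimental annotation may be redundant. Check whether it is needed, or keep the experimental lines only for CVE-2018-12460 and CVE-2018-12459, where the unstable line carries no fixed version.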
[Git][security-tracker-team/security-tracker][master] Mark CVEs fixed by ffmpeg 3.4.3 as fixed
Sebastian Ramacher pushed to branch master at Debian Security Tracker / security-tracker Commits: 19abeff6 by Sebastian Ramacher at 2018-07-10T22:50:43+02:00 Mark CVEs fixed by ffmpeg 3.4.3 as fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1169,7 +1169,7 @@ CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for failure of a call to ...) - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78 CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than ...) - - ffmpeg + - ffmpeg 7:3.4.3-1 - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50 CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value before ...) @@ -1177,7 +1177,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value befor - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ...) - - ffmpeg + - ffmpeg 7:3.4.3-1 - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148 CVE-2018-13299 @@ -3272,7 +3272,7 @@ CVE-2018-12459 (An inconsistent bits-per-sample value in the ...) [stretch] - ffmpeg (Can be fixed when new 3.2.x release fixes it) NOTE: https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in ...) - - ffmpeg (low) + - ffmpeg 7:3.4.3-1 (low) [stretch] - ffmpeg (Can be fixed when new 3.2.x release fixes it) NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8 CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an admin ...) 
@@ -9711,7 +9711,7 @@ CVE-2018-10003 CVE-2018-10002 RESERVED CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...) - - ffmpeg (low) + - ffmpeg 7:3.4.3-1 (low) [stretch] - ffmpeg (Can wait until the next ffmpeg 3.2.x release) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081 - libav @@ -10054,7 +10054,7 @@ CVE-2018-9843 (The REST API in CyberArk Password Vault Web Access before 9.9.5 a CVE-2018-9842 (CyberArk Password Vault before 9.7 allows remote attackers to obtain ...) NOT-FOR-US: CyberArk Password Vault CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg through ...) - - ffmpeg (low) + - ffmpeg 7:3.4.3-1 (low) [stretch] - ffmpeg (Can wait until the next ffmpeg 3.2.x release) - libav (Vulnerable code not present) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758 @@ -15157,7 +15157,7 @@ CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...) CVE-2018-7754 RESERVED CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 ...) - - ffmpeg + - ffmpeg 7:3.4.3-1 [stretch] - ffmpeg (Wait for next 3.2.x release) - libav (Vulnerable code not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f 
@@ -15880,7 +15880,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample CVE-2018-7558 RESERVED CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...) - - ffmpeg + - ffmpeg 7:3.4.3-1 [stretch] - ffmpeg (Wait for next 3.2.x release) - libav NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19abeff6e91d36de91009e12791bda78c0362218
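Review bot: In the hunks at -1169 and -1177, CVE-2018-13302 and CVE-2018-13300 are described as issues "In FFmpeg 4.0.1" yet are marked fixed in 7:3.4.3-1, and the only NOTE on each is a single upstream commit. A NOTE stating that the 3.4.3 release carries the backport of that commit would make the version choice verifiable; the bare "- libav" lines next to them could be triaged at the same time.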