Author: jmm Date: 2017-10-16 08:28:26 +0000 (Mon, 16 Oct 2017) New Revision: 56734
Modified: data/CVE/list Log: two ffmpeg issues confirmed for libav sdl no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-16 08:23:08 UTC (rev 56733) +++ data/CVE/list 2017-10-16 08:28:26 UTC (rev 56734) @@ -13520,8 +13520,9 @@ NOTE: Fixed in 3.2.6 CVE-2017-9992 (Heap-based buffer overflow in the decode_dds1 function in ...) - ffmpeg 7:3.2.5-1 - - libav <undetermined> + - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360 + NOTE: Fixed in 11.11 CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in ...) - ffmpeg 7:3.2.5-1 - libav <not-affected> (Vulnerable feature not present) @@ -21334,8 +21335,9 @@ NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e CVE-2017-7862 (FFmpeg before 2017-02-07 has an out-of-bounds write caused by a ...) - ffmpeg 7:3.2.4-1 - - libav <undetermined> + - libav <removed> NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a + NOTE: Fixed in 11.11 CVE-2017-7861 (Google gRPC before 2017-02-22 has an out-of-bounds write related to the ...) - grpc 1.2.5-1+nmu0 (bug #860316) CVE-2017-7860 (Google gRPC before 2017-02-22 has an out-of-bounds write caused by a ...) @@ -37099,7 +37101,11 @@ NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5 CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF ...) - libsdl2-image <unfixed> (bug #878266) + [stretch] - libsdl2-image <no-dsa> (Minor issue) + [jessie] - libsdl2-image <no-dsa> (Minor issue) - sdl-image1.2 <unfixed> (bug #878267) + [stretch] - sdl-image1.2 <no-dsa> (Minor issue) + [jessie] - sdl-image1.2 <no-dsa> (Minor issue) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394 NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705 CVE-2017-2886 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits