[Secure-testing-commits] r56734 - data/CVE

Mon, 16 Oct 2017 01:29:19 -0700 

Author: jmm
Date: 2017-10-16 08:28:26 +0000 (Mon, 16 Oct 2017)
New Revision: 56734

Modified:
   data/CVE/list
Log:
two ffmpeg issues confirmed for libav
sdl no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-16 08:23:08 UTC (rev 56733)
+++ data/CVE/list       2017-10-16 08:28:26 UTC (rev 56734)
@@ -13520,8 +13520,9 @@
        NOTE: Fixed in 3.2.6
 CVE-2017-9992 (Heap-based buffer overflow in the decode_dds1 function in ...)
        - ffmpeg 7:3.2.5-1
-       - libav <undetermined>
+       - libav <removed>
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360
+       NOTE: Fixed in 11.11
 CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in 
...)
        - ffmpeg 7:3.2.5-1
        - libav <not-affected> (Vulnerable feature not present)
@@ -21334,8 +21335,9 @@
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e
 CVE-2017-7862 (FFmpeg before 2017-02-07 has an out-of-bounds write caused by a 
...)
        - ffmpeg 7:3.2.4-1
-       - libav <undetermined>
+       - libav <removed>
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a
+       NOTE: Fixed in 11.11
 CVE-2017-7861 (Google gRPC before 2017-02-22 has an out-of-bounds write 
related to the ...)
        - grpc 1.2.5-1+nmu0 (bug #860316)
 CVE-2017-7860 (Google gRPC before 2017-02-22 has an out-of-bounds write caused 
by a ...)
@@ -37099,7 +37101,11 @@
        NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
 CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF 
...)
        - libsdl2-image <unfixed> (bug #878266)
+       [stretch] - libsdl2-image <no-dsa> (Minor issue)
+       [jessie] - libsdl2-image <no-dsa> (Minor issue)
        - sdl-image1.2 <unfixed> (bug #878267)
+       [stretch] - sdl-image1.2 <no-dsa> (Minor issue)
+       [jessie] - sdl-image1.2 <no-dsa> (Minor issue)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
        NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705
 CVE-2017-2886


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to