Author: jmm
Date: 2013-01-04 10:41:59 +0000 (Fri, 04 Jan 2013)
New Revision: 20804
Modified: data/CVE/list Log: updates from siretart, thanks Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-01-04 10:17:21 UTC (rev 20803) +++ data/CVE/list 2013-01-04 10:41:59 UTC (rev 20804) @@ -4355,19 +4355,22 @@ NOT-FOR-US: Microsoft Windows CVE-2012-5361 RESERVED - - ffmpeg <removed> - - libav <unfixed> (bug #694483) + - ffmpeg <undetermined> + - libav <undetermined> (bug #694483) NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017 + NOTE: upstream needs a proper sample to reproduce the issue CVE-2012-5360 RESERVED - - ffmpeg <removed> - - libav <unfixed> (bug #694483) + - ffmpeg <undetermined> + - libav <undetermined> (bug #694483) NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017 + NOTE: upstream needs a proper sample to reproduce the issue CVE-2012-5359 RESERVED - - ffmpeg <removed> - - libav <unfixed> (bug #694483) + - ffmpeg <undetermined> + - libav <undetermined> (bug #694483) NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017 + NOTE: upstream needs a proper sample to reproduce the issue CVE-2012-5358 RESERVED CVE-2012-5357 @@ -10812,6 +10815,7 @@ - libav <unfixed> (bug #694483) - ffmpeg <removed> NOTE: https://chromiumcodereview.appspot.com/10829204 + NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/ CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...) - chromium-browser 22.0.1229.94~r161065-1 CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote ...) 
@@ -11024,8 +11028,10 @@ CVE-2012-2805 RESERVED CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...) - [squeeze] - ffmpeg <unfixed> (bug #688849) - - libav <unfixed> (bug #688847) + - ffmpeg <undetermined> (bug #688849) + - libav <undetermined> (bug #688847) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a80ebe491609e04110a1dd540a0ca79d3be3d04 + NOTE: ffmpeg fix is not a fix, it's unclear what real issue it is supposed to fix CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...) [squeeze] - ffmpeg <unfixed> (bug #688849) - libav <unfixed> (bug #688847) @@ -11045,8 +11051,10 @@ [squeeze] - ffmpeg <unfixed> (bug #688849) - libav 6:0.8.4-1 (bug #688847) CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...) - [squeeze] - ffmpeg <unfixed> (bug #688849) - - libav <unfixed> (bug #688847) + - ffmpeg <undetermined> (bug #688849) + - libav <undetermined> (bug #688847) + NOTE: patch proposed: http://patches.libav.org/patch/32642/ + NOTE: Reproducer needed CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...) [squeeze] - ffmpeg <unfixed> (bug #688849) - libav 6:0.8.4-1 (bug #688847) 
@@ -11110,8 +11118,11 @@ [squeeze] - ffmpeg <unfixed> (bug #688849) - libav 6:0.8.4-1 (bug #688847) CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg ...) - [squeeze] - ffmpeg <unfixed> (bug #688849) - - libav <unfixed> (bug #688847) + - ffmpeg <undetermined> (bug #688849) + - libav <undetermined> (bug #688847) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f + NOTE: patch proposed: http://patches.libav.org/patch/32644/ + NOTE: Reproducer needed CVE-2012-2773 RESERVED CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
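Review bot: Replacing `<removed>` with `<undetermined>` on the ffmpeg lines of CVE-2012-5361, CVE-2012-5360 and CVE-2012-5359 (hunk @@ -4355) is inconsistent with the @@ -10812 hunk, whose unchanged context still tracks `- ffmpeg <removed>` beside the same libav bug #694483. If ffmpeg is still removed, keep `<removed>` there and move only the libav lines to `<undetermined>`; if it is tracked again, a NOTE saying so would explain the change. The added NOTE "upstream needs a proper sample to reproduce the issue" accounts for the libav status only.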
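Review bot: The `[squeeze]` prefix is dropped from the ffmpeg line of CVE-2012-2804 (hunk @@ -11024), so `[squeeze] - ffmpeg <unfixed> (bug #688849)` becomes an unqualified `- ffmpeg <undetermined> (bug #688849)`, while the neighbouring CVE-2012-2803 context keeps the `[squeeze]` form. The same happens for CVE-2012-2797 in @@ -11045 and CVE-2012-2774 in @@ -11110. If the entry is still meant to be squeeze-specific, keep the prefix and change only the status. The NOTE "ffmpeg fix is not a fix" would also read better if it said that it refers to the commitdiff URL on the line above.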
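Review bot: The first NOTE added for CVE-2012-2774 (hunk @@ -11110) is a bare git.videolan.org commitdiff URL with no label, unlike the "patch proposed:" line that follows it, so a reader cannot tell whether it is the upstream ffmpeg fix or just a related commit. Labelling it (for example as the ffmpeg upstream commit) would make clear why the status is still `<undetermined>` with "Reproducer needed". The reproducer wording also differs from the @@ -4355 hunk ("upstream needs a proper sample to reproduce the issue"); using one phrasing would make these entries easier to grep.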