Author: siretart
Date: 2013-01-05 11:11:35 +0000 (Sat, 05 Jan 2013)
New Revision: 20824

Modified:
   data/CVE/list
Log:
upstream inclusion status on libav CVE entries

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-01-05 10:21:22 UTC (rev 20823)
+++ data/CVE/list       2013-01-05 11:11:35 UTC (rev 20824)
@@ -11047,71 +11047,89 @@
        - libav <undetermined> (bug #688847)
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a80ebe491609e04110a1dd540a0ca79d3be3d04
        NOTE: ffmpeg fix is not a fix, it's unclear what real issue it is 
supposed to fix
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in 
...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav <unfixed> (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in 
...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 
0.11 ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile 
function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in 
FFmpeg ...)
        - libav <not-affected> (Vulnerable code not present in 0.8 version from 
unstable, fixed in 0.9 version in experimental)
        - ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function 
in ...)
        - ffmpeg <undetermined> (bug #688849)
-       - libav <undetermined> (bug #688847)
+       - libav <unfixed> (bug #688847)
        NOTE: patch proposed: http://patches.libav.org/patch/32642/
-       NOTE: Reproducer needed
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in 
...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2795 (Multiple unspecified vulnerabilities in 
libavcodec/wmalosslessdec.c in ...)
        - libav <not-affected> (Vulnerable code not present in 0.8 version from 
unstable, fixed in 0.9 version in experimental)
        - ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line 
function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2792 (Unspecified vulnerability in the decode_init function in ...)
        - libav <not-affected> (Vulnerable code not present in 0.8 version from 
unstable, fixed in 0.9 version in experimental)
        - ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr 
...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav <unfixed> (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function 
in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in 
...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in 
...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2785 (Multiple unspecified vulnerabilities in 
libavcodec/wmalosslessdec.c in ...)
        - libav <not-affected> (Vulnerable code not present in 0.8 version from 
unstable, fixed in 0.9 version in experimental)
        - ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+        NOTE: duplicate of CVE-2012-2777
+        TODO: mark this properly as duplicate
 CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 
0.11 ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav <unfixed> (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function 
in ...)
        - libav <not-affected> (Doesn't affect libav)
 CVE-2012-2781
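Review bot: The two lines added under CVE-2012-2784 are indented one column deeper than every other added NOTE in this hunk, and they commit a TODO instead of marking the duplicate properly, as the TODO itself says. Align them with the neighbouring notes, and either mark the entry as a duplicate of CVE-2012-2777 in this commit or track the follow-up outside the data file. Separately, "NOTE: scheduled for libav 0.8.5" is added both to entries already listed as fixed in "libav 6:0.8.4-1" (for example CVE-2012-2802) and to entries still marked "<unfixed>" (for example CVE-2012-2803). Wording such as "upstream fix scheduled for libav 0.8.5" would make clear that the note records upstream inclusion and not the Debian package status.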
@@ -11121,28 +11139,34 @@
 CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2778
        RESERVED
 CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in 
...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function 
in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in 
FFmpeg ...)
        - ffmpeg <undetermined> (bug #688849)
-       - libav <undetermined> (bug #688847)
+       - libav <not-affected> (bug #688847)
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
        NOTE: patch proposed: http://patches.libav.org/patch/32644/
        NOTE: Reproducer needed
+       NOTE: there is no crash, just a couple uninitialized reads, harmless 
according to Janne
 CVE-2012-2773
        RESERVED
 CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function 
in ...)
        [squeeze] - ffmpeg <unfixed> (bug #688849)
        - libav 6:0.8.4-1 (bug #688847)
+       NOTE: scheduled for libav 0.8.5
 CVE-2012-2771
        RESERVED
 CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best 
Practical ...)
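Review bot: In CVE-2012-2774 the libav line becomes "- libav <not-affected> (bug #688847)", but the other not-affected entries in this file put the reason in the parentheses ("Vulnerable code not present", "Doesn't affect libav"), and the unchanged "NOTE: patch proposed" and "NOTE: Reproducer needed" lines remain beside the new status. Put the rationale in the parenthetical and drop or update "Reproducer needed", as was done for CVE-2012-2797. Since the added note says uninitialized reads do occur, a pointer to where Janne's assessment is recorded would let the not-affected status be re-checked later.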


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
