Author: atomo64-guest
Date: 2013-06-18 13:28:08 +0000 (Tue, 18 Jun 2013)
New Revision: 22663
Modified: data/CVE/list Log: update to ffmpeg/libav issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-06-18 09:14:26 UTC (rev 22662) +++ data/CVE/list 2013-06-18 13:28:08 UTC (rev 22663) @@ -1,13 +1,13 @@ CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4610 (Unspecified vulnerability in the Data Search utility in data-entry ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4609 (REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4608 (Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4607 RESERVED CVE-2013-4606 @@ -15,13 +15,13 @@ CVE-2013-4605 RESERVED CVE-2012-6567 (REDCap before 4.14.0 allows remote authenticated users to execute ...) - TODO: check + NOT-FOR-US: REDCap CVE-2012-6566 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 ...) - TODO: check + NOT-FOR-US: REDCap CVE-2012-6565 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 ...) - TODO: check + NOT-FOR-US: REDCap CVE-2012-6564 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4604 RESERVED CVE-2013-4603 
@@ -1345,11 +1345,11 @@ CVE-2013-3960 RESERVED CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2013-3957 (SQL injection vulnerability in the login screen in the Web Navigator ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2013-3956 RESERVED CVE-2013-3955 (The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x ...) @@ -1929,27 +1929,24 @@ RESERVED CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg ...) - ffmpeg <removed> - - libav <unfixed> - TODO: check - NOTE: fixed in ffmpeg 1.2.1 + [squeeze] - ffmpeg <not-affected> (codec not built) + - libav <not-affected> (codec not built) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915 CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...) - ffmpeg <removed> + [squeeze] - ffmpeg <not-affected> (codec not built) - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.2.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942 CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...) - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.2.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d23b8462b5a4a9da78ed45c4a7a3b35d538df909 CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...) - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.2.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8d3c99e825317b7efda5fd12e69896b47c700303 CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...) - ffmpeg <removed> 
@@ -1961,7 +1958,6 @@ - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.2.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb CVE-2013-3669 RESERVED @@ -9028,42 +9024,36 @@ - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1.3 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=796012af6c780b5b13ebca39a491f215515a18fe CVE-2013-0877 [libavcodec/sanm.c out of array accesses] RESERVED - ffmpeg <removed> - - libav <unfixed> - TODO: check - NOTE: fixed in ffmpeg 1.1.3 + [squeeze] - ffmpeg <not-affected> (codec not built) + - libav <not-affected> (codec not built) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=365270aec5c2b9284230abc702b11168818f14cf CVE-2013-0876 [libavcodec/sanm.c integer overflow and out of array accesses] RESERVED - ffmpeg <removed> - - libav <unfixed> - TODO: check - NOTE: fixed in ffmpeg 1.1.3 + [squeeze] - ffmpeg <not-affected> (codec not built) + - libav <not-affected> (codec not built) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1 CVE-2013-0875 [libavcodec/pngdec.c dont access out array elements] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1.3 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1 CVE-2013-0874 [libavcodec/tiff.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1.3 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1219cdaf9fb4bc8cea410e1caf802373c1bfe51 CVE-2013-0873 [libavcodec/shorten.c freeing invalid addresses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1.3 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25 CVE-2013-0872 [libswresample/swresample.c out of array accesses] RESERVED 
@@ -9081,21 +9071,18 @@ - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.2 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a CVE-2013-0869 [libavcodec/h264.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1.2 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d CVE-2013-0868 [libavcodec/huffyuvdec.c out of array writes] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.4 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31 CVE-2013-0867 [libavcodec/h264.c out of array accesses] 
@@ -9103,42 +9090,36 @@ - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1.2 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae CVE-2013-0866 [libavcodec/aacdec.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.4 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6 CVE-2013-0865 [libavcodec/vqavideo.c out of array writes] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.4 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ab6c9332bfa1e20127a16392a0b85a4aa4840889 CVE-2013-0864 [libavcodec/gifdec.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1.2 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c10350358da58600884292c08a8690289b81de29 CVE-2013-0863 [libavcodec/sanm.c buffer overflow] RESERVED - ffmpeg <removed> - - libav <unfixed> - TODO: check - NOTE: fixed in ffmpeg 1.0.4 + [squeeze] - ffmpeg <not-affected> (codec not built) + - libav <not-affected> (codec not built) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7357ca900efcf829de4cce4cec6ddc286526d417 CVE-2013-0862 [libavcodec/sanm.c integer overflows and out of array accesses] RESERVED - ffmpeg <removed> - - libav <unfixed> - TODO: check - NOTE: fixed in ffmpeg 1.0.4 + [squeeze] - ffmpeg <not-affected> (codec not built) + - libav <not-affected> (codec not built) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=49b729d3af8464de431362e6c5b3027102bc2f88 CVE-2013-0861 [libavcodec/utils.c memory corruption] RESERVED 
@@ -9159,112 +9140,99 @@ - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6d1c5ea04af3e345232aa70c944de961061dab2d CVE-2013-0858 [libavcodec/atrac3.c] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.4 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4 CVE-2013-0857 [libavcodec/iff.c] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05 CVE-2013-0856 [libavcodec/alac.c] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594 CVE-2013-0855 [libavcodec/alac.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd CVE-2013-0854 [libavcodec/mjpegdec.c] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29 CVE-2013-0853 [libavcodec/wavpack.c out of array access] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a CVE-2013-0852 [libavcodec/pgssubdec.c out of array accesses] RESERVED - ffmpeg <removed> + [squeeze] - ffmpeg <not-affected> (codec not built) - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061 CVE-2013-0851 [libavcodec/eamad.c out of array accesses] RESERVED - ffmpeg <removed> + [squeeze] - ffmpeg 
<not-affected> (codec not built) - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d CVE-2013-0850 [libavcodec/h264.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1 CVE-2013-0849 [libavcodec/roqvideodec.c] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845 CVE-2013-0848 [libavcodec/huffyuv.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba CVE-2013-0847 [libavformat/id3v2.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952 CVE-2013-0846 [libavcodec/qdm2.c out of array accesses] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed CVE-2013-0845 [libavcodec/alsdec.c] RESERVED - ffmpeg <removed> + [squeeze] - ffmpeg <not-affected> (codec not built) - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.4 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16 CVE-2013-0844 [libavcodec/adpcm.c out of array access] RESERVED - ffmpeg <removed> - libav <unfixed> TODO: check - NOTE: fixed in ffmpeg 1.0.4 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4 CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google 
Chrome ...) - chromium-browser <not-affected> (MacOS-specific) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
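
Review bot: In the @@ -1929,27 +1929,24 @@ hunk, the CVE-2013-3675 entry gets "- libav <not-affected> (codec not built)" with no release tag and no record of which libav version was examined, so the status reads as applying to every libav version from here on. "codec not built" also does not say whether the sanm decoder is missing from the libav source or only disabled in the Debian build. Suggest a NOTE line stating which of the two it is and the version that was checked; the same applies to the sanm.c entries CVE-2013-0877, CVE-2013-0876, CVE-2013-0863 and CVE-2013-0862 later in the patch.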
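
Review bot: The "NOTE: fixed in ffmpeg 1.1.3" lines are deleted in the @@ -9028,42 +9024,36 @@ hunk (and the 1.0.1, 1.0.4, 1.1, 1.1.2, 1.2 and 1.2.1 equivalents in the other hunks) from entries that still read "- libav <unfixed>" and "TODO: check". The log message "update to ffmpeg/libav issues" gives no reason for dropping them, and the remaining commitdiff URL identifies the fix but not the release that first contained it. Either keep the note on entries that are still open, or state in the log why it is being removed.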
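
Review bot: In the @@ -9159,112 +9140,99 @@ hunk, CVE-2013-0852, CVE-2013-0851 and CVE-2013-0845 gain "[squeeze] - ffmpeg <not-affected> (codec not built)" while "- libav <unfixed>" and "TODO: check" are left in place, whereas the sanm.c entries in this commit resolve both packages at once; CVE-2013-3674 in the @@ -1929,27 +1929,24 @@ hunk follows the same pattern. If libav was deliberately left open for these decoders, replace the bare TODO with one that says what remains (for example "TODO: check libav"), so the next reader does not re-check squeeze ffmpeg.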