Author: jmm Date: 2014-01-10 16:41:11 +0000 (Fri, 10 Jan 2014) New Revision: 25148
Modified: data/CVE/list Log: "new" ffmpeg/libav issues NFUs clean up some older TODOs Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-01-10 15:24:58 UTC (rev 25147) +++ data/CVE/list 2014-01-10 16:41:11 UTC (rev 25148) @@ -6761,7 +6761,7 @@ CVE-2013-5386 RESERVED CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, and in z/OS on zSeries ...) - TODO: check + NOT-FOR-US: IBM CVE-2013-5384 RESERVED CVE-2013-5383 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...) @@ -9180,7 +9180,6 @@ - systemd <unfixed> (low; bug #725357) [wheezy] - systemd <not-affected> (/etc/tmpfiles.d not supported in Wheezy) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859060 - TODO: no useful information available yet, recheck later CVE-2013-4391 (Integer overflow in the valid_user_field function in ...) {DSA-2777-1} - systemd 204-5 (bug #725357) @@ -9907,7 +9906,6 @@ CVE-2013-4179 (The security group extension in OpenStack Compute (Nova) Grizzly ...) - nova 2013.1.3-1 NOTE: CVE for incomplete fix applied for CVE-2013-1664 - TODO: check if fix applied in #700949 was already complete CVE-2013-4178 RESERVED NOT-FOR-US: GA Login Drupal contributed module @@ -11080,7 +11078,7 @@ CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...) NOT-FOR-US: SUSE Lifecycle Management Server CVE-2013-3709 (WebYaST 1.3 uses weak permissions for ...) - TODO: check + NOT-FOR-US: WebYast CVE-2013-3708 (The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 ...) NOT-FOR-US: Novell iPrint Client CVE-2013-3707 (The HTTPSTK service in the novell-nrm package before ...) 
@@ -11175,7 +11173,7 @@ CVE-2013-3668 RESERVED CVE-2013-3667 (The software update mechanism as used in Bare Bones Software Yojimbo ...) - TODO: check + NOT-FOR-US: Various proprietary software updaters CVE-2013-3666 (The LG Hidden Menu component for Android on the LG Optimus G E973 ...) NOT-FOR-US: LG Hidden Menu CVE-2013-3665 (Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT ...) @@ -14681,7 +14679,6 @@ - nova <unfixed> - quantum <unfixed> - swift <not-affected> (See https://bugs.launchpad.net/keystone/+bug/1188189/comments/5) - TODO: check if complete and possibly report to BTS, sec announcement from upstream in preparation CVE-2013-2254 (The deepGetOrCreateNode function in ...) NOT-FOR-US: Apache Sling CVE-2013-2253 @@ -19067,7 +19064,6 @@ - chromium-browser 24.0.1312.68-1 [squeeze] - chromium-browser <end-of-life> - libv8 <not-affected> (bug #702261; vulnerablility was fixed by reverting to old implementation as found in version 3.8.9.20) - TODO: re-check uploads newer than 3.8.9.20 CVE-2013-0835 (Unspecified vulnerability in the Geolocation implementation in Google ...) - chromium-browser 24.0.1312.68-1 [squeeze] - chromium-browser <end-of-life> @@ -38112,13 +38108,13 @@ {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2012-0264 (op5 Monitor and op5 Appliance before 5.5.0 do not properly manage ...) - TODO: check + NOT-FOR-US: op5 CVE-2012-0263 (monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows ...) - TODO: check + NOT-FOR-US: op5 CVE-2012-0262 (op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and ...) - TODO: check + NOT-FOR-US: op5 CVE-2012-0261 (license.php in system-portal before 1.6.2 in op5 Monitor and op5 ...) - TODO: check + NOT-FOR-US: op5 CVE-2012-0260 (The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before ...) {DSA-2462-1} - imagemagick 8:6.7.4.0-4 (bug #667635) 
@@ -41614,9 +41610,11 @@ - libav 4:0.8.1-1 - ffmpeg <removed> CVE-2011-3950 (The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg ...) - TODO: check + - libav <not-affected> (Specific to newer ffmpeg after split) + - ffmpeg <not-affected> (Specific to newer ffmpeg after split) CVE-2011-3949 (The dirac_unpack_idwt_params function in libavcodec/diracdec.c in ...) - TODO: check + - libav <not-affected> (Specific to newer ffmpeg after split) + - ffmpeg <not-affected> (Specific to newer ffmpeg after split) CVE-2011-3948 RESERVED CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before ...) @@ -41624,12 +41622,16 @@ - libav 4:0.8.1-1 - ffmpeg <removed> CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg ...) - TODO: check + - libav <unfixed> (unimportant) + - ffmpeg <removed> (unimportant) + NOTE: Not suitable for code injection, not treated as security issue CVE-2011-3945 (The decode_frame function in the KVG1 decoder (kgv1dec.c) in ...) - libav 4:0.8.1-1 - ffmpeg <not-affected> (Vulnerable code not present) CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in ...) - TODO: check + - libav <unfixed> + - ffmpeg <removed> + NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commitdiff;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da CVE-2011-3943 RESERVED CVE-2011-3942 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
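Review bot: in the hunk at @@ -9180 the dropped line "TODO: no useful information available yet, recheck later" was the only reminder to revisit this entry, and the retained package state is still "systemd <unfixed> (low; bug #725357)"; if the recheck happened, record the outcome in a NOTE beside the existing bugzilla link, otherwise the TODO should survive the cleanup.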
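Review bot: the hunk at @@ -9907 removes "TODO: check if fix applied in #700949 was already complete" for CVE-2013-4179 without recording the answer, while the entry keeps "NOTE: CVE for incomplete fix applied for CVE-2013-1664"; add a NOTE stating whether the #700949 fix was complete (and so whether anything older than nova 2013.1.3-1 needs attention), otherwise the next reader has to redo the same check.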
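Review bot: in the hunk at @@ -11080 the new reason reads "NOT-FOR-US: WebYast" while the CVE description on the line above spells the product "WebYaST"; use the same spelling so the tracker's NOT-FOR-US reasons stay greppable.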
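Review bot: in the hunk at @@ -11175 the reason "NOT-FOR-US: Various proprietary software updaters" for CVE-2013-3667 is vaguer than the convention used elsewhere in this patch (product name, e.g. "NOT-FOR-US: op5"), and the description itself names Bare Bones Software Yojimbo; name the affected product(s) so the entry can be matched against future CVEs for the same updater.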
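Review bot: in the hunk at @@ -14681 the removed TODO said "possibly report to BTS", yet the retained lines "nova <unfixed>" and "quantum <unfixed>" carry no bug number, unlike the swift line which at least cites a launchpad comment; either add the BTS bug numbers for nova and quantum or note why none were filed before dropping the reminder.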
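Review bot: the hunk at @@ -19067 drops "TODO: re-check uploads newer than 3.8.9.20" but the retained libv8 line still justifies <not-affected> solely by the revert "as found in version 3.8.9.20"; state in that reason (or a NOTE) that the newer uploads were checked and do not reintroduce the vulnerable implementation. The same retained line misspells "vulnerability" as "vulnerablility", worth fixing in a follow-up.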
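Review bot: in the hunk at @@ -41614 the four new <not-affected> lines for CVE-2011-3950 and CVE-2011-3949 give "Specific to newer ffmpeg after split" as the reason but cite nothing that supports it (the ffmpeg version or upstream commit that introduced the affected diracdec.c code), whereas the CVE-2011-3944 entry in the following hunk links the relevant commit; add a NOTE with the upstream reference so the not-affected claim can be re-verified later. Note also that the neighbouring ffmpeg entries in this region read "ffmpeg <removed>"; if <not-affected> is meant to take precedence for a removed package, the reason text is what makes that defensible, so keep it.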
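Review bot: in the hunk at @@ -41624 the NOTE for CVE-2011-3946, "Not suitable for code injection, not treated as security issue", states the conclusion behind "(unimportant)" but not what the defect actually does or where that analysis comes from; add the upstream reference so the severity can be revisited if the impact turns out to be more than a crash. In the same hunk CVE-2011-3944 is marked "libav <unfixed>" with a fix commit already linked in the NOTE but no Debian bug number or severity; since a fix exists, file the bug and reference it as the other entries here do (e.g. "(bug #667635)"), otherwise the unfixed state will not be tracked.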