Author: joeyh
Date: 2014-08-11 09:14:11 +0000 (Mon, 11 Aug 2014)
New Revision: 28208
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-11 05:32:59 UTC (rev 28207)
+++ data/CVE/list 2014-08-11 09:14:11 UTC (rev 28208)
@@ -414,6 +414,7 @@
NOTE:
https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
CVE-2014-5033 [kauth authentication bypass]
RESERVED
+ {DSA-3004-1}
- kde4libs 4:4.13.3-2 (bug #755814)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
NOTE:
http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
@@ -7315,6 +7316,7 @@
CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM)
4.3-3810 ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream
(aka DVB) ...)
+ {DSA-3003-1}
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks
missing)
- libav <unfixed>
NOTE: Fix in libav:
http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
@@ -22582,6 +22584,7 @@
- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
- libav <not-affected> (Smush codec not present in libav)
CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in
FFmpeg ...)
+ {DSA-3003-1}
- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5
ffmpeg)
- libav <unfixed>
NOTE: Fix in ffmpeg:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
@@ -22590,6 +22593,7 @@
- ffmpeg <not-affected> (Doesn't affect libav, specific to current
ffmpeg)
- libav <not-affected> (Doesn't affect libav, specific to current
ffmpeg)
CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in
FFmpeg ...)
+ {DSA-3003-1}
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks
missing)
- libav <unfixed>
NOTE: Fix in ffmpeg:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
@@ -30314,6 +30318,7 @@
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
NOTE: Fix needed in ffmpeg 0.5
CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote
attackers ...)
+ {DSA-3003-1}
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks
missing)
- libav 6:10.3-1
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
@@ -30348,6 +30353,7 @@
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
NOTE: Affects the libav version in experimental
CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c
in ...)
+ {DSA-3003-1}
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks
missing)
- libav 6:10.1-1
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
@@ -30395,10 +30401,12 @@
NOTE: Fix in ffmpeg:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
NOTE: Fix in libav:
http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in
FFmpeg ...)
+ {DSA-3003-1}
- ffmpeg <not-affected> (PGS subtitle decoder not present)
- libav 6:10.3-1
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg
before 1.1 ...)
+ {DSA-3003-1}
- ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not
present in ffmpeg 0.5)
- libav 6:10.3-1
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
@@ -30419,6 +30427,7 @@
NOTE: Fix in libav:
http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
NOTE: Needed in ffmpeg 0.5
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg
before 1.1 ...)
+ {DSA-3003-1}
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks
missing)
- libav <unfixed>
NOTE: Fix in ffmpeg:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
@@ -52976,6 +52985,7 @@
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in
FFmpeg ...)
+ {DSA-3003-1}
- libav 6:10.3-1 (unimportant)
- ffmpeg <removed> (unimportant)
NOTE: Not suitable for code injection, not treated as security issue
@@ -53011,10 +53021,12 @@
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10
allows ...)
+ {DSA-3003-1}
- libav 6:10-1
- ffmpeg <not-affected> (vuln. code not present, introduced later)
NOTE: [Diego] applies to 0.8 and 9 only, cherrypicked fixes on ML
CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context
function in ...)
+ {DSA-3003-1}
- libav 6:10-1 (unimportant)
- ffmpeg <removed> (unimportant)
NOTE: Fixed in libav trunk:
http://git.libav.org/?p=libav.git;a=commit;h=759001c534287a96dc96d1e274665feb7059145d
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
