[Secure-testing-commits] r51758 - data/CVE

Fri, 19 May 2017 10:27:06 -0700 

Author: hle
Date: 2017-05-19 17:26:43 +0000 (Fri, 19 May 2017)
New Revision: 51758

Modified:
   data/CVE/list
Log:
Re-introduce previously removed <undetermined> entries for libav and mark them 
<not-affected> with appropriate NOTE.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-19 17:08:09 UTC (rev 51757)
+++ data/CVE/list       2017-05-19 17:26:43 UTC (rev 51758)
@@ -32708,6 +32708,8 @@
        NOT-FOR-US: Adobe Flash
 CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in ...)
        - ffmpeg 7:3.1.3-1
+       - libav <not-affected>
+       NOTE: Vulnerable code not present in any Libav version.
 CVE-2016-6919
        RESERVED
 CVE-2016-6918
@@ -32771,8 +32773,10 @@
        RESERVED
 CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg 
before ...)
        - ffmpeg 7:3.1.3-1 (unimportant)
+       - libav <not-affected>
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/6
        NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
+       NOTE: Vulnerable code not present in any Libav version.
 CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of 
a ...)
        - lshell <removed> (bug #834949)
        [wheezy] - lshell <not-affected> (Vulnerable code not present)
@@ -47933,10 +47937,14 @@
        NOTE: Fixed in 5.6.18, 7.0.3
 CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly 
calculate a ...)
        - ffmpeg 2.8.6-1
+       - libav <not-affected>
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
+       NOTE: Libav not affected according to upstream.
 CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly 
validate ...)
        - ffmpeg 2.8.6-1
+       - libav <not-affected>
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
+       NOTE: Vulnerable code not present in any Libav version.
 CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not 
validate ...)
        - ffmpeg 2.8.6-1
        - libav <not-affected> (Vulnerable code not present)
@@ -60767,6 +60775,8 @@
 CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame 
function in ...)
        - ffmpeg 7:2.7.2-1
        [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
+       - libav <not-affected>
+       NOTE: Vulnerable code not present in any Libav version.
 CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg 
before ...)
        - ffmpeg 7:2.7.2-1
        [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to