Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6d9cbe09 by Salvatore Bonaccorso at 2018-01-02T06:15:13+01:00 Add note for CVE-2017-14034 Add note referinging issue with three libbpg bugs. The third issue from the referenced link corresponds to CVE-2017-14034. Since the problematic function is not found in x256, remove that source entry, but the issue might affect in addition of ffmpeg (to be confirmed still) as well libav. Keep TODO item due to the open need of investigation. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -19453,7 +19453,7 @@ CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl functi NOTE: Non issue, only "exploitable" with root access CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...) - ffmpeg <unfixed> - - x265 <unfixed> + NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1 TODO: check CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...) {DSA-4031-1 DLA-1114-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d9cbe097d16daa662bb0d1299a9f58151d1b54e --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d9cbe097d16daa662bb0d1299a9f58151d1b54e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits