Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6d9cbe09 by Salvatore Bonaccorso at 2018-01-02T06:15:13+01:00
Add note for CVE-2017-14034
Add note referinging issue with three libbpg bugs. The third issue from
the referenced link corresponds to CVE-2017-14034.
Since the problematic function is not found in x256, remove that source
entry, but the issue might affect in addition of ffmpeg (to be confirmed
still) as well libav.
Keep TODO item due to the open need of investigation.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19453,7 +19453,7 @@ CVE-2017-14051 (An integer overflow in the
qla2x00_sysfs_write_optrom_ctl functi
NOTE: Non issue, only "exploitable" with root access
CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in
libavcodec, as used ...)
- ffmpeg <unfixed>
- - x265 <unfixed>
+ NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
TODO: check
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before
2.2.8, ...)
{DSA-4031-1 DLA-1114-1}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d9cbe097d16daa662bb0d1299a9f58151d1b54e
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d9cbe097d16daa662bb0d1299a9f58151d1b54e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
