[Secure-testing-team] [Secure-testing-commits] r28115 - data/CVE
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 7 05:12:27 UTC 2014
Hi Reinhard,
On Thu, Aug 07, 2014 at 12:21:11AM +0000, Reinhard Tartler wrote:
> Author: siretart
> Date: 2014-08-07 00:21:11 +0000 (Thu, 07 Aug 2014)
> New Revision: 28115
>
> Modified:
> data/CVE/list
> Log:
> update CVE-2013-0860 libav
>
> Modified: data/CVE/list
> ===================================================================
> --- data/CVE/list 2014-08-06 23:15:33 UTC (rev 28114)
> +++ data/CVE/list 2014-08-07 00:21:11 UTC (rev 28115)
> @@ -30288,10 +30288,10 @@
> NOTE: Affects the libav version in experimental
> CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in ...)
> - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
> - - libav <undetermined>
> + - libav <not-affected> (Vulnerable code not present)
> + [wheezy] - libav <unfixed>
> NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
> - NOTE: libav and ffmpeg code bases have diverged too much, unclear whether libav is affected
> - NOTE: [Vittorio] looks strange, I don't think it happens with the new code, but a second opinion is welcome
> + NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
Do you know anything about the version fixing this issue? If so, we
should update the entry to
- libav $version_with_fix
and remove the separate wheezy-tagged line.
Regards and thanks for the updates on the tracker,
Salvatore
More information about the Secure-testing-team
mailing list