Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
37817c4c by Markus Koschany at 2018-12-10T14:03:56Z
CVE-2018,6912,libav: Jessie is not affected.
Vulnerable code is not present.
- - - - -
ab22ff3c by Markus Koschany at 2018-12-10T14:12:13Z
CVE-2018-6621,libav: Jessie is affected
- - - - -
f47ff306 by Markus Koschany at 2018-12-10T14:39:50Z
CVE-2018-6392,libav: Jessie is affected
The vulnerable code is in filter_frame instead of filter_slice.
- - - - -
759a78e2 by Markus Koschany at 2018-12-10T14:40:32Z
Merge branch 'master' of
salsa.debian.org:security-tracker-team/security-tracker
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38166,7 +38166,8 @@ CVE-2018-6913 (Heap-based buffer overflow in the pack
function in Perl before 5.
CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg
through ...)
- ffmpeg 7:4.0.1-2 (low)
[stretch] - ffmpeg <not-affected> (Code in 3.2 is different/not
affected)
- - libav <undetermined>
+ - libav
+ [jessie] - libav <not-affected> (vulnerable code is not present)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech
WebAccess ...)
NOT-FOR-US: Advantech WebAccess
@@ -38998,7 +38999,7 @@ CVE-2018-6622 (An issue was discovered that affects all
producers of BIOS firmwa
CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg
through ...)
{DSA-4249-1}
- ffmpeg 7:3.4.2-1 (low)
- - libav <undetermined>
+ - libav
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
NOTE: Fixed in 3.2.11
CVE-2018-6620
@@ -39789,12 +39790,13 @@ CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit
and 14.0.1.24 ...)
CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in
FFmpeg ...)
{DSA-4249-1}
- ffmpeg 7:3.4.2-1
- - libav <undetermined>
+ - libav
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
NOTE: Needs as well:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
NOTE: fixing a (functional) regression introduced by the original fix.
NOTE: Fixed in 3.2.11, the commit in the 3.2 branch
(c4ba170cad2ccdd896ea6fd3a890980008606541)
NOTE: has the regression fix squashed in
+ NOTE: The vulnerable function is filter_frame in libav.
CVE-2018-6391 (A cross-site request forgery web vulnerability has been
discovered on ...)
NOT-FOR-US: Netis WF2419 V2.2.36123 devices
CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office
10.1.0.7106 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/1bb604b00d7cf4a7b28cec29ab59c95861223836...759a78e2af00b650659cdb1927b070554310047a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/1bb604b00d7cf4a7b28cec29ab59c95861223836...759a78e2af00b650659cdb1927b070554310047a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
