Author: gilbert-guest Date: 2011-02-01 05:05:46 +0000 (Tue, 01 Feb 2011) New Revision: 16024 Modified: data/CVE/list Log: info on ffmpeg issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-01 04:21:15 UTC (rev 16023) +++ data/CVE/list 2011-02-01 05:05:46 UTC (rev 16024) @@ -109,11 +109,13 @@ [lenny] - pam <no-dsa> (Minor issue) [squeeze] - pam <no-dsa> (Minor issue) CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in ...) - - ffmpeg <unfixed> (bug #611495) - - ffmpeg-debian <removed> + - ffmpeg <not-affected> (issue introduced in 0.6.x series; bug #611495) + - ffmpeg-debian <not-affected> (issue introduced in 0.6.x series) + NOTE: recheck when 0.6.x gets uploaded CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and ...) - - ffmpeg <unfixed> (bug #611495) - - ffmpeg-debian <removed> + - ffmpeg <unfixed> (low; bug #611495) + - ffmpeg-debian <removed> (low) + NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency) CVE-2010-XXXX - redmine 1.0.5-1 (bug #608397) NOTE: http://www.redmine.org/news/49
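Review bot: In the CVE-2010-4704 entry, ffmpeg stays <unfixed> while the CVE-2010-4705 entry directly above it moves to <not-affected> because the issue was introduced in the 0.6.x series, yet the visible 4704 description also names FFmpeg 0.6.1. The added NOTE should say whether the affected libavcodec/vorbis_dec.c code was confirmed present in the pre-0.6 version in the archive, so that the two different statuses are justified by something a later reader can check. The same two entries also track ffmpeg-debian inconsistently: it changes from <removed> to <not-affected> under 4705 but stays <removed> (now with "low") under 4704; one convention should be used for both. Finally, the "recheck when 0.6.x gets uploaded" NOTE under 4705 depends on someone rereading this file; since bug #611495 is already referenced on the ffmpeg line, recording the recheck there as well would keep it from being lost once the entry reads <not-affected>.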