Author: luciano Date: 2011-12-04 12:37:57 +0000 (Sun, 04 Dec 2011) New Revision: 17745 Modified: data/CVE/list data/embedded-code-copies Log: ffmpeg issues (including libav) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-04 11:25:29 UTC (rev 17744) +++ data/CVE/list 2011-12-04 12:37:57 UTC (rev 17745) @@ -1,3 +1,12 @@ +CVE-2011-XXXX [FFmpeg Libavcodec memory corruption remote code execution] + - libav <unfixed> + - mplayer <unfixed> + - kino <unfixed> + - chromium-browser <unfixed> + - ffmpeg <removed> + - ffmpeg-debian <end-of-life> + NOTE: http://www.openwall.com/lists/oss-security/2011/12/04/1 + TODO: evaluate severity CVE-2011-4668 (IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers ...) TODO: check CVE-2011-4667 Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2011-12-04 11:25:29 UTC (rev 17744) +++ data/embedded-code-copies 2011-12-04 12:37:57 UTC (rev 17745) @@ -358,6 +358,7 @@ - avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750) - audacity 1.3.7-2 (embed; bug #512278) - chromium-browser <unfixed> (fork) + - libav <unfixed> faad2 - mplayer 1.0~rc2-20 (embed)