Mike Gabriel · Mike Gabriel · b92d281f · b92d281f
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -144321,7 +144321,7 @@ CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg thro
 	{DSA-3376-1}
 	- ffmpeg 7:2.8.1-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
-	- libav <undetermined>
+	- libav <removed>
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	- chromium-browser 44.0.2403.157-1
 	[wheezy] - chromium-browser <end-of-life>
@@ -144330,6 +144330,7 @@ CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg thro
 	NOTE: https://code.google.com/p/chromium/issues/detail?id=532967
 	NOTE: Starting with 44.0.2403.157-1 chromium uses the ffmpeg system copy
 	NOTE: It looks like this relates to multithreaded decoding of VPx codecs, which is not implemented in the squeeze version. But I'm not sure as the second bug report is still private.
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c
 CVE-2015-6760 (The Image11::map function in renderer/d3d/d3d11/Image11.cpp in ...)
 	{DSA-3376-1}
 	- chromium-browser 46.0.2490.71-1
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -22,10 +22,11 @@ libapache-mod-jk (Roberto C. Sánchez)
 --
 libav (Markus Koschany, Mike Gabriel)
  NOTE: 20181129: More than one contributor can work on libav at the same time.
-  NOTE: First priority should be to find more information about the
-  NOTE: "undetermined" issues. Then we can decide what CVE should be fixed ASAP.
-  NOTE: Adding my self as co-worker. Coordination of CVEs to be worked on: IRC
-  NOTE: #debian-lts.
+  NOTE: 20181129: First priority should be to find more information about the
+  NOTE: 20181129: "undetermined" issues. Then we can decide what CVE should be fixed ASAP.
+  NOTE: 20181130: Adding my self as co-worker. Coordination of CVEs to be worked on: IRC
+  NOTE: 20181130: #debian-lts.
+  NOTE: 20181130: CVE-2015-6761: patch available, issue non-reproducible, vulnerable (for now)
 --
 libsndfile (Hugo Lefeuvre)
  NOTE: 20181123: CVE-2018-19432 minor but several older CVEs triaged no-dsa (such as CVE-2017-8361)