Mike Gabriel · Mike Gabriel · 6f39f8d7 · 6f39f8d7
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -144844,6 +144844,7 @@ CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg befo
 	- ffmpeg 7:2.8.2-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <removed>
+	[jessie] - libav <not-affected> (Vulnerable code not present)
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=43492ff3ab68a343c1264801baa1d5a02de10167
 CVE-2015-8218 (The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ...)
@@ -169185,7 +169186,7 @@ CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff
 CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...)
-	- libav <not-affected> (Vulnerable code not present)
+	- libav <removed>
 	- ffmpeg 2.4.4-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -54,18 +54,17 @@ libav (Markus Koschany, Mike Gabriel)
  NOTE: 20181129: "undetermined" issues. Then we can decide what CVE should be fixed ASAP.
  NOTE: 20181130: Adding my self as co-worker. Coordination of CVEs to be worked on: IRC
  NOTE: 20181130: #debian-lts.
-  NOTE: 20181130: CVE-2015-6761: patch available, issue non-reproducible, vulnerable (maybe: not-affected instead)
-  NOTE: 20181130: CVE-2015-6818: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6820: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6821: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6822: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6823: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6824: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6825: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-6826: patch available, issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-8216: patch available (does not apply cleanly), issue untested (no PoC), vulnerable
-  NOTE: 20181130: CVE-2015-8217: similar patch applied, issue untested, not-affected (@apo: please double-check)
-  NOTE: 20181130: CVE-2015-8219: patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6761 (fixed): patch available, issue non-reproducible, vulnerable (maybe: not-affected instead)
+  NOTE: 20181130: CVE-2015-6818 (fixed): patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6820 (fixed): patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6821 (fixed): patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6822 (fixed): patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6823 (fixed): same patch as for CVE-2015-6822, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6824 (fixed): same patch as for CVE-2015-6822, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6825 (fixed): patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6826 (fixed): patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-8216 (fixed): patch available (does not apply cleanly), issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-8217 (fixed): similar patch applied, issue untested, not-affected (@apo: please double-check)
  NOTE: 20181130: CVE-2015-8363: patch available, issue untested (no PoC), vulnerable
  NOTE: 20181130: CVE-2015-8364: patch available, issue untested (no PoC), vulnerable
  NOTE: 20181130: CVE-2015-8661: patch available, issue untested (no PoC), vulnerable
@@ -82,6 +81,7 @@ libav (Markus Koschany, Mike Gabriel)
  NOTE: 20181206: CVE-2016-9824: no patch available, PoC available (needs testing), currently <no-dsa>
  NOTE: 20181206: CVE-2016-9825: no patch available, PoC available (needs testing), currently <ignored>
  NOTE: 20181206: CVE-2016-9826: no patch available, PoC available (needs testing), currently <ignored>
+  NOTE: 20181214: CVE-2014-9317 (fixed): patch available, issue untested (no PoC), vulnerable
 --
 libsndfile (Hugo Lefeuvre)
  NOTE: 20181214: waiting for upstream to approve my patches before upload