Markus Koschany · Markus Koschany · Markus Koschany · Markus Koschany · Markus Koschany · Markus Koschany
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -64162,7 +64162,7 @@ CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.
 CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ...)
 	{DSA-4049-1}
 	- ffmpeg 7:3.4-1
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
 CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
 	[experimental] - glibc 2.26-0experimental0
@@ -65611,7 +65611,8 @@ CVE-2017-15194 (include/global_session.php in Cacti 1.1.25 has XSS related to (1
 CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote ...)
 	{DSA-4049-1}
 	- ffmpeg 7:3.4-1
-	- libav <undetermined>
+	- libav <removed>
+	[jessie] - libav <not-affected> (vulnerable code was introduced later)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
 CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis ...)
@@ -67024,9 +67025,10 @@ CVE-2017-14768
 CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d
 	NOTE: Fixed in 3.2.8
+	NOTE: The check is completely missing in Jessie. It should be added.
 CVE-2017-14766 (The Simple Student Result plugin before 1.6.4 for WordPress has an ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-14765 (In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a ...)
@@ -68691,12 +68693,13 @@ CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in
 CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
 CVE-2017-14222 (In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
+	[jessie] - libav <not-affected> (vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382
 CVE-2017-14221
 	RESERVED
@@ -68828,17 +68831,19 @@ CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage(
 CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
 CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
 CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
+	NOTE: libav in Jessie uses a different guard for item_num. Check whether
+	NOTE: the guard is necessary at all.
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
 CVE-2017-14168
 	RESERVED
@@ -69250,7 +69255,8 @@ CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is pre
 CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ...)
 	{DSA-3996-1}
 	- ffmpeg 7:3.3.4-1 (low)
-	- libav <undetermined>
+	- libav <removed>
+	[jessie] - libav <not-affected> (vulnerable code is not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
 CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...)
 	{DSA-3996-1}
@@ -79597,16 +79603,18 @@ CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly va
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706
 CVE-2017-9994 (libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ...)
 	- ffmpeg 7:3.2.5-1
-	- libav <undetermined>
+	- libav <removed>
 	[wheezy] - libav <not-affected> (Vulnerable code not present, WebP decoder feature introduced in v10)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
 CVE-2017-9993 (FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ...)
 	{DSA-3957-1}
 	- ffmpeg 7:3.2.6-1
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb
 	NOTE: Fixed in 3.2.6
+	NOTE: Jessie is only partially affected. Only the second commit is
+	NOTE: relevant. HTTP Live Streaming filename extension code is not present.
 CVE-2017-9992 (Heap-based buffer overflow in the decode_dds1 function in ...)
 	{DSA-4012-1 DLA-1142-1}
 	- ffmpeg 7:3.2.5-1
@@ -79635,6 +79643,8 @@ CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 mishan
 CVE-2017-9987 (There is a heap-based buffer overflow in the function hpel_motion in ...)
 	- libav <removed>
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1067
+	NOTE: Five different issues but only one POC instead of five attached.
+	NOTE: Requires more information.
 CVE-2017-9986 (The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel ...)
 	- linux <unfixed> (unimportant)
 	NOTE: No security issue, only "exploitable" with malicious ISA cards
@@ -87756,11 +87766,12 @@ CVE-2017-7867 (International Components for Unicode (ICU) for C/C++ before 2017-
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213
 CVE-2017-7866 (FFmpeg before 2017-01-23 has an out-of-bounds write caused by a ...)
 	- ffmpeg 7:3.2.4-1
-	- libav <undetermined>
+	- libav <removed>
+	[jessie] - libav <not-affected> (vulnerable code not present)
 	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264
 CVE-2017-7865 (FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ...)
 	- ffmpeg 7:3.2.4-1
-	- libav <undetermined>
+	- libav <removed>
 	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb
 CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a ...)
 	- freetype <not-affected> (Vulnerable code not present; CFF2 support introduced in 2.7.1, cf #860313)