Re: [PATCH 2/4] issues CVE-2012-5359 CVE-2012-5360 and CVE-2012-5361 are pretty unclear
On Fri, Jan 04, 2013 at 12:19:15AM +0100, Reinhard Tartler wrote:
> upstream is aware and unable to do anyhthing about it with the available
> information
> ---
> CVE/list | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/CVE/list b/CVE/list
> index 0a15cef..44dabb2 100644
> --- a/CVE/list
> +++ b/CVE/list
> @@ -4346,18 +4346,21 @@ CVE-2012-5362
> CVE-2012-5361
> RESERVED
> - ffmpeg <removed>
> - - libav <unfixed> (bug #694483)
> + - libav <undetermined> (bug #694483)
> NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> + TODO: upstream needs a proper sample to reproduce the issue
> CVE-2012-5360
> RESERVED
> - ffmpeg <removed>
> - - libav <unfixed> (bug #694483)
> + - libav <undetermined> (bug #694483)
> NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> + TODO: upstream needs a proper sample to reproduce the issue
> CVE-2012-5359
> RESERVED
> - ffmpeg <removed>
> - - libav <unfixed> (bug #694483)
> + - libav <undetermined> (bug #694483)
> NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> + TODO: upstream needs a proper sample to reproduce the issue
> CVE-2012-5358
> RESERVED
> CVE-2012-5357
Commited with slight modifications (TODO is rather for TODO items wrt
the tracker data).
FWIW, I had contacted Microsoft Security Response Team 1-2 weeks ago for
further details, but to no avail.
Cheers,
Moritz
Reply to: