[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PATCH 2/4] issues CVE-2012-5359 CVE-2012-5360 and CVE-2012-5361 are pretty unclear

On Fri, Jan 04, 2013 at 12:19:15AM +0100, Reinhard Tartler wrote:
> upstream is aware and unable to do anyhthing about it with the available
> information
> ---
>  CVE/list |    9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/CVE/list b/CVE/list
> index 0a15cef..44dabb2 100644
> --- a/CVE/list
> +++ b/CVE/list
> @@ -4346,18 +4346,21 @@ CVE-2012-5362
>  CVE-2012-5361
>  	RESERVED
>  	- ffmpeg <removed>
> -	- libav <unfixed> (bug #694483)
> +	- libav <undetermined> (bug #694483)
>  	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> +	TODO: upstream needs a proper sample to reproduce the issue
>  CVE-2012-5360
>  	RESERVED
>  	- ffmpeg <removed>
> -	- libav <unfixed> (bug #694483)
> +	- libav <undetermined> (bug #694483)
>  	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> +	TODO: upstream needs a proper sample to reproduce the issue
>  CVE-2012-5359
>  	RESERVED
>  	- ffmpeg <removed>
> -	- libav <unfixed> (bug #694483)
> +	- libav <undetermined> (bug #694483)
>  	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> +	TODO: upstream needs a proper sample to reproduce the issue
>  CVE-2012-5358
>  	RESERVED
>  CVE-2012-5357

Commited with slight modifications (TODO is rather for TODO items wrt
the tracker data).

FWIW, I had contacted Microsoft Security Response Team 1-2 weeks ago for
further details, but to no avail.

Cheers,
        Moritz
Reply to: