[Git][security-tracker-team/security-tracker][master] ffmpeg updates
Moritz Muehlenhoff
jmm at debian.org
Tue Jul 7 19:11:11 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
401821e5 by Moritz Muehlenhoff at 2020-07-07T20:08:23+02:00
ffmpeg updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3248,7 +3248,10 @@ CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should
- zammad <itp> (bug #841355)
CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...)
- ffmpeg <unfixed>
+ [buster] - ffmpeg <not-affected> (Vulnerable code not present)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8716
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
CVE-2020-14211
RESERVED
CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected ...)
@@ -45142,7 +45145,6 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32
CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
{DLA-2021-1}
- ffmpeg 7:4.2.1-1
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
- libav <removed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
@@ -45170,7 +45172,6 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
- ffmpeg 7:4.2.1-1 (low)
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
- libav <removed> (low)
[jessie] - libav <not-affected> (Vulnerable code introduced in v12.x)
@@ -59007,7 +59008,6 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier
NOTE: which seems to be the actual patch for this issue.
CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...)
- ffmpeg 7:4.2.1-1 (low; bug #932535)
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
NOTE: https://trac.ffmpeg.org/ticket/7979
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401821e558bf43a919d0c6fd60197f9ce6921ede
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401821e558bf43a919d0c6fd60197f9ce6921ede
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200707/d771d607/attachment.html>
More information about the debian-security-tracker-commits
mailing list