[Git][security-tracker-team/security-tracker][master] ffmpeg updates

Moritz Muehlenhoff jmm at debian.org
Tue Jul 7 19:11:11 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
401821e5 by Moritz Muehlenhoff at 2020-07-07T20:08:23+02:00
ffmpeg updates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3248,7 +3248,10 @@ CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should
 	- zammad <itp> (bug #841355)
 CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...)
 	- ffmpeg <unfixed>
+	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
+	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8716
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
 CVE-2020-14211
 	RESERVED
 CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected  ...)
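Review bot: The two added `<not-affected>` lines under CVE-2020-14212 give "Vulnerable code not present" for buster and stretch without naming the upstream commit or release that introduced the vulnerable code, unlike the libav entry later in this file ("Vulnerable code introduced in v12.x"). A NOTE with the introducing commit or version would let the claim be rechecked. The added commitdiff NOTE also uses http:// for git.videolan.org, while the existing NOTE under CVE-2019-13390 uses https:// for the same host.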
@@ -45142,7 +45145,6 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32
 CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
 	{DLA-2021-1}
 	- ffmpeg 7:4.2.1-1
-	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
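Review bot: Removing the `[buster] - ffmpeg <postponed>` line under CVE-2019-17542 leaves buster with no annotation and no record of why the "wait until fixed in 4.1.x branch" condition no longer holds, and the commit message "ffmpeg updates" does not say either. If the fix has reached the 4.1.x branch, consider adding a NOTE with that release or commit so the status change can be traced. The same applies to the identical removals under CVE-2019-17539 and CVE-2019-13390.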
@@ -45170,7 +45172,6 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
 CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
 	- ffmpeg 7:4.2.1-1 (low)
-	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	- libav <removed> (low)
 	[jessie] - libav <not-affected> (Vulnerable code introduced in v12.x)
@@ -59007,7 +59008,6 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier
 	NOTE: which seems to be the actual patch for this issue.
 CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...)
 	- ffmpeg 7:4.2.1-1 (low; bug #932535)
-	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	NOTE: https://trac.ffmpeg.org/ticket/7979
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401821e558bf43a919d0c6fd60197f9ce6921ede
