[Git][security-tracker-team/security-tracker][master] Reserve DLA-2291-1 for ffmpeg
Adrian Bunk
bunk at debian.org
Mon Jul 27 08:18:02 BST 2020
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddcb4105 by Adrian Bunk at 2020-07-27T10:17:52+03:00
Reserve DLA-2291-1 for ffmpeg
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Jul 2020] DLA-2291-1 ffmpeg - security update
+ {CVE-2019-13390 CVE-2019-17542 CVE-2020-13904}
+ [stretch] - ffmpeg 7:3.2.15-0+deb9u1
[26 Jul 2020] DLA-2290-1 e2fsprogs - security update
{CVE-2019-5188}
[stretch] - e2fsprogs 1.43.4-2+deb9u2
=====================================
data/dla-needed.txt
=====================================
@@ -50,15 +50,6 @@ condor (Roberto C. Sánchez)
curl (Thorsten Alteholz)
NOTE: 20200719: testing package (thorsten)
--
-ffmpeg (Adrian Bunk)
- NOTE: 20200707: Vulnerable to at least CVE-2020-13904. (lamby)
- NOTE: 20200707: According to jmm, ffmpeg in stretch follows the 3.2.x releases
- NOTE: 20200707: (same as for buster, which he is rebasing to 4.1.6 in the
- NOTE: 20200707: next few days) [stretch] should continue to do for LTS as
- NOTE: 20200707: long as 3.2 releases are made, only a minor subset of
- NOTE: 20200707: ffmpeg bugs get a CVE assigned. There was a 3.2.15 release a
- NOTE: 20200707: few days ago, which should fix this and many others. (lamby)
---
firefox-esr (Emilio)
NOTE: 20200720: working on ESR 78 backport. (Emilio)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddcb4105d699f600e6aa17a5481a164fd0ee7270
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddcb4105d699f600e6aa17a5481a164fd0ee7270
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200727/60ec250e/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list