[Git][security-tracker-team/security-tracker][master] Add information for CVE-2020-24995/ffmpeg
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 3 14:49:24 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7015582 by Salvatore Bonaccorso at 2021-04-03T15:48:56+02:00
Add information for CVE-2020-24995/ffmpeg
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41852,7 +41852,14 @@ CVE-2020-24996 (There is an invalid memory access in the function TextString::~T
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in aacde ...)
- TODO: check
+ - ffmpeg <undetermined>
+ NOTE: https://trac.ffmpeg.org/ticket/8845
+ NOTE: https://trac.ffmpeg.org/ticket/8859
+ NOTE: https://trac.ffmpeg.org/ticket/8860
+ NOTE: Support for 22.2 / channel_config 13 introduced in:
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+ NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
+ TODO: check if issue introduced only when introducign support for Support for 22.2 / channel_config 13
CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...)
- libass 1:0.15.0-1
[buster] - libass <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7015582e68f5b0c709ea531e52543900eee309d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7015582e68f5b0c709ea531e52543900eee309d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210403/a685a00d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list