[Git][security-tracker-team/security-tracker][master] new ffmpeg issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Aug 12 07:54:00 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aab16cdb by Moritz Mühlenhoff at 2021-08-12T08:53:45+02:00
new ffmpeg issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45,7 +45,7 @@ CVE-2021-38541
CVE-2021-3699
RESERVED
CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
- TODO: check
+ NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2021-XXXX [RUSTSEC-2021-0078]
- rust-hyper <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0078.html
@@ -400,7 +400,6 @@ CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is n
- kmail <unfixed>
NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
NOTE: https://nostarttls.secvuln.info
- TODO: check details
CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...)
- trojita <itp> (bug #795701)
CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...)
@@ -410,7 +409,6 @@ CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response inje
CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...)
- alpine <unfixed>
NOTE: https://nostarttls.secvuln.info
- TODO: check details
CVE-2021-38369
RESERVED
CVE-2021-38368
@@ -1012,7 +1010,7 @@ CVE-2021-38142
CVE-2021-38141
RESERVED
CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...)
- TODO: check
+ NOT-FOR-US: set_user extension for Postgres
CVE-2021-38139
RESERVED
CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
@@ -1071,7 +1069,10 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibG
NOTE: https://github.com/libgd/libgd/issues/697
NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...)
- TODO: check
+ - ffmpeg <unfixed>
+ [bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
CVE-2021-3687
RESERVED
CVE-2021-3686
@@ -11344,7 +11345,9 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able
NOTE: https://docs.inspircd.org/security/2021-01/
NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
- TODO: check
+ - ffmpeg 7:4.3-2
+ [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532
CVE-2021-33579
RESERVED
CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab16cdb5960c6e11a00f09dcfbf39b4d3c478e0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab16cdb5960c6e11a00f09dcfbf39b4d3c478e0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210812/bcaf0d3b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list