[Git][security-tracker-team/security-tracker][master] Reserve DLA-2742-1 for ffmpeg
Anton Gladky (@gladk)
gladk at debian.org
Sat Aug 14 17:33:47 BST 2021
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d91d5b6 by Anton Gladky at 2021-08-14T18:33:35+02:00
Reserve DLA-2742-1 for ffmpeg
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[14 Aug 2021] DLA-2742-1 ffmpeg - security update
+ {CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22028 CVE-2020-22031 CVE-2020-22032 CVE-2020-22036 CVE-2021-3566 CVE-2021-38114}
+ [stretch] - ffmpeg 7:3.2.15-0+deb9u3
[12 Aug 2021] DLA-2741-1 commons-io - security update
{CVE-2021-29425}
[stretch] - commons-io 2.5-1+deb9u1
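Review bot: the brace line of the new DLA-2742-1 entry lists fifteen CVE ids against 7:3.2.15-0+deb9u3, while the dla-needed.txt notes removed by this same commit say "Many false-positive" about the ffmpeg candidates. Please confirm that every id in the braces is actually patched in the stretch upload. Any id judged not to affect 3.2.15 should be left out of this list, so the entry does not claim a fix for an issue that was never present.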
=====================================
data/dla-needed.txt
=====================================
@@ -24,19 +24,6 @@ ansible
exiv2 (Utkarsh Gupta)
NOTE: 20210801: check further; some no-dsa issues have piled up, too. (utkarsh)
--
-ffmpeg (Anton Gladky)
- NOTE: 20210607: stretch was following the 3.2.x release line, but 3.2.15
- NOTE: 20210607: (released 2020-07-02) was the last on this branch. There are
- NOTE: 20210607: now 10+ ~new CVEs that nominally apply to the version in LTS,
- NOTE: 20210607: so some investigation and insight is required to see which
- NOTE: 20210607: apply and/or what we do with the version of ffmpeg in LTS
- NOTE: 20210607: going forward. There is a 3.4.x release branch, for example,
- NOTE: 20210607: but unclear on the compatibility as well as whether this one
- NOTE: 20210607: won't just be dropped too, etc. etc. (lamby)
- NOTE: 20210719: https://salsa.debian.org/lts-team/packages/ffmpeg/-/blob/master/debian/changelog
- NOTE: 20210719: CVE-2020-22036 and CVE-2020-22032 are done. Many false-positive. Investigating.
- NOTE: 20210730: CVE-2020-22031 and CVE-2020-22028 are done. Checking rest of patches. Try to reproduce
---
firmware-nonfree (Anton Gladky)
NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree
--
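Review bot: the removed ffmpeg entry ends with the 20210730 note "Checking rest of patches. Try to reproduce", so deleting it leaves no record of how that remaining check concluded. The 20210607 question about what to do with the 3.2.x line, now that 3.2.15 was its last release, is dropped with it. The commit message is only "Reserve DLA-2742-1 for ffmpeg"; consider stating there, or in the advisory text, how the outstanding items were resolved and that stretch stays on 3.2.15 with patches, as the 7:3.2.15-0+deb9u3 version in data/DLA/list suggests.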
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d91d5b67ccdcd69d688c4c9579afe1bcc67970f