[Git][security-tracker-team/security-tracker][master] new ffmpeg issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 1 09:54:17 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5ba6346 by Moritz Muehlenhoff at 2021-06-01T10:53:39+02:00
new ffmpeg issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57711,11 +57711,21 @@ CVE-2020-22036
 CVE-2020-22035
 	RESERVED
 CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 atlibavfi ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: https://trac.ffmpeg.org/ticket/8236
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
 CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: https://trac.ffmpeg.org/ticket/8246
+	NOTE: https://trac.ffmpeg.org/ticket/8241
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
 CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: https://trac.ffmpeg.org/ticket/8275
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
 CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
 	TODO: check
 CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5ba634604ed49f3a6b5afd064ebb1aede44d9ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5ba634604ed49f3a6b5afd064ebb1aede44d9ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210601/12d3a29c/attachment.htm>


More information about the debian-security-tracker-commits mailing list