[Git][security-tracker-team/security-tracker][master] new ffmpeg issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 1 10:28:16 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8753d3f by Moritz Muehlenhoff at 2021-06-01T11:27:49+02:00
new ffmpeg issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -674,7 +674,7 @@ CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.
 	- node-got 11.8.1+~cs53.13.17-3 (bug #989258)
 	[buster] - node-got <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
-	NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103	
+	NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
 CVE-2021-33501
 	RESERVED
 CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
@@ -57727,11 +57727,20 @@ CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at
 	NOTE: https://trac.ffmpeg.org/ticket/8275
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
 CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: https://trac.ffmpeg.org/ticket/8243
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
 CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: https://trac.ffmpeg.org/ticket/8276
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
 CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
+	NOTE: https://trac.ffmpeg.org/ticket/8250
 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
 	TODO: check
 CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8753d3f8a2f49ed1ec1391ea83a9ea42ac04883

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8753d3f8a2f49ed1ec1391ea83a9ea42ac04883
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210601/6c1d1dc0/attachment.htm>


More information about the debian-security-tracker-commits mailing list