[Git][security-tracker-team/security-tracker][master] new ffmpeg issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 1 17:59:43 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae0eb417 by Moritz Muehlenhoff at 2021-06-01T18:59:28+02:00
new ffmpeg issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57758,21 +57758,45 @@ CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
 	NOTE: https://trac.ffmpeg.org/ticket/8250
 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
+	NOTE: https://trac.ffmpeg.org/ticket/8274
 CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
+	NOTE: https://trac.ffmpeg.org/ticket/8242
 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
+	NOTE: https://trac.ffmpeg.org/ticket/8317
 CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at  ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
+	NOTE: https://trac.ffmpeg.org/ticket/8260
 CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <not-affected> (Introduced in 4.2)
+	[stretch] - ffmpeg <not-affected> (Introduced in 4.2)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3
+	NOTE: https://trac.ffmpeg.org/ticket/8310
 CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
+	NOTE: https://trac.ffmpeg.org/ticket/8244
 CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
+	NOTE: https://trac.ffmpeg.org/ticket/8264
 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
 	TODO: check
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=
+	NOTE: https://trac.ffmpeg.org/ticket/
 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
 	- ffmpeg 7:4.3-2
 	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
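Review bot: The CVE-2020-22021 entry adds two NOTE lines with incomplete URLs, `a=commitdiff;h=` with no commit hash and `https://trac.ffmpeg.org/ticket/` with no ticket number, while `TODO: check` is left in place. These look like template placeholders committed by accident; either fill in the hash and ticket number once the issue is triaged or drop both lines until then, since empty references in data/CVE/list read as if a fix commit and ticket had been identified. Separately, CVE-2020-22024 is the only entry in this hunk that gets a `[stretch]` line; if the other entries are deliberately left without a stretch annotation, a word in the commit message would make that clear.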
@@ -57788,15 +57812,21 @@ CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10b
 CVE-2020-22018
 	RESERVED
 CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: https://trac.ffmpeg.org/ticket/8309
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
 CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: https://trac.ffmpeg.org/ticket/8183
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
 	- ffmpeg <unfixed>
-	[bullseye] - ffmpeg <ignored> (Minor issue)
 	[buster] - ffmpeg <ignored> (Minor issue)
 	[stretch] - ffmpeg <ignored> (Minor issue)
 	NOTE: https://trac.ffmpeg.org/ticket/8190
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
 CVE-2020-22014
 	RESERVED
 CVE-2020-22013
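Review bot: The removal of `[bullseye] - ffmpeg <ignored> (Minor issue)` under CVE-2020-22015 is not covered by the commit message "new ffmpeg issues"; with `- ffmpeg <unfixed>` left in place, bullseye is no longer ignored for this issue, so the reason for dropping the annotation belongs in the message. As a style point, the CVE-2020-22017 and CVE-2020-22016 entries list the trac ticket NOTE before the commitdiff NOTE, the reverse of the order used in the first hunk; one consistent order keeps the list easier to scan.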



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae0eb417f01f6ccdbcfa3d471e48c00a0bb9cd7e
