[Git][security-tracker-team/security-tracker][master] Triage CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-21688,...
Chris Lamb (@lamby)
lamby at debian.org
Tue Nov 16 15:49:20 GMT 2021
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60b0dac9 by Chris Lamb at 2021-11-16T07:48:55-08:00
Triage CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-21688, CVE-2020-21697 & CVE-2020-20902 in ffmpeg for stretch LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87575,6 +87575,7 @@ CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in l
{DSA-4998-1}
- ffmpeg 7:4.4-5
[buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://trac.ffmpeg.org/ticket/8188
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
CVE-2020-21696
@@ -87597,6 +87598,7 @@ CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.
{DSA-4998-1}
- ffmpeg 7:4.4-5
[buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://trac.ffmpeg.org/ticket/8186
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
CVE-2020-21687
@@ -89334,6 +89336,7 @@ CVE-2020-20903
CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...)
{DSA-4722-1}
- ffmpeg 7:4.2.2-1
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://trac.ffmpeg.org/ticket/8176
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd (4.3)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22 (4.3)
@@ -89356,6 +89359,7 @@ CVE-2020-20897
CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8273
CVE-2020-20895
@@ -89367,11 +89371,13 @@ CVE-2020-20893
CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <ignored> (Minor issue)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8265
CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8282
CVE-2020-20890
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60b0dac9737fd2c8d5f5d27de02ed175b7a5c99f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60b0dac9737fd2c8d5f5d27de02ed175b7a5c99f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211116/c1f260db/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list