[Git][security-tracker-team/security-tracker][master] 2 commits: remove ffmpeg <postponed> entries for issues pending for 4.3.3

Tue Oct 19 21:36:36 BST 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f2c6516 by Moritz Muehlenhoff at 2021-10-19T22:36:24+02:00
remove ffmpeg <postponed> entries for issues pending for 4.3.3

- - - - -
caa311ef by Moritz Muehlenhoff at 2021-10-19T22:36:24+02:00
add note in dla-needed for 3.2.16

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -11881,7 +11881,6 @@ CVE-2021-38172
 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not  ...)
 	{DSA-4990-1}
 	- ffmpeg <unfixed>
-	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
 	[stretch] - ffmpeg <postponed> (Wait to be fixed in buster first)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
 CVE-2021-38170
@@ -12023,7 +12022,6 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibG
 CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...)
 	{DSA-4990-1 DLA-2742-1}
 	- ffmpeg <unfixed>
-	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
 CVE-2021-3687
 	RESERVED
@@ -82773,7 +82771,6 @@ CVE-2020-21698
 	RESERVED
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
 	- ffmpeg 7:4.4-5
-	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
 	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/8188
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
@@ -82795,7 +82792,6 @@ CVE-2020-21689
 	RESERVED
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
 	- ffmpeg 7:4.4-5
-	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
 	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/8186
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1


=====================================
data/dla-needed.txt
=====================================
@@ -36,6 +36,7 @@ faad2 (Thorsten Alteholz)
 ffmpeg (Anton Gladky)
   NOTE: probably wait until stuff is fixed in Buster
   NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg
+  NOTE: ffmpeg 3.2.16 has been released
 --
 firefox-esr (Emilio)
 --


=====================================
data/dsa-needed.txt
=====================================
@@ -23,6 +23,8 @@ djvulibre
 --
 faad2/oldstable (jmm)
 --
+ffmpeg/stable (jmm)
+--
 gpac (jmm)
 --
 icu



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c78de203f159724784a6bc8fe1b330e95a5bc610...caa311ef3e719a8aede9469feab18f461b26b4f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c78de203f159724784a6bc8fe1b330e95a5bc610...caa311ef3e719a8aede9469feab18f461b26b4f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211019/ba84653e/attachment.htm>
