[Git][security-tracker-team/security-tracker][master] new ffmpeg issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22432f67 by Moritz Muehlenhoff at 2021-09-21T10:02:25+02:00
new ffmpeg issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7897,17 +7897,35 @@ CVE-2021-38096
 CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
 	NOT-FOR-US: Planview Spigit
 CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <ignored> (Minor issue)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+	NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in libavfilte ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <ignored> (Minor issue)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+	NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in libavfilt ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <ignored> (Minor issue)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+	NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in libavfilt ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <ignored> (Minor issue)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+	NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in libavfi ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <ignored> (Minor issue)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+	NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2021-38089 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <ignored> (Minor issue)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0749082eb93ea02fa4b770da86597450cec84054
+	NOTE: https://trac.ffmpeg.org/ticket/8262
 CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...)
 	{DLA-2753-1}
 	- qemu 1:6.0+dfsg-3 (bug #991911)
@@ -20064,7 +20082,7 @@ CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sq
 	NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/1499cffcd7c4d635b4297b44d48fb4fe94cf988e (0.4.0)
 	NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb (0.4.2)
 CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...)
-	TODO: check
+	NOT-FOR-US: Flask restx
 CVE-2021-32837
 	RESERVED
 CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...)
@@ -21435,11 +21453,11 @@ CVE-2021-32301
 CVE-2021-32300
 	RESERVED
 CVE-2021-32299 (An issue was discovered in pbrt through 20200627. A stack-buffer-overf ...)
-	TODO: check
+	NOT-FOR-US: pbrt
 CVE-2021-32298 (An issue was discovered in libiff through 20190123. A global-buffer-ov ...)
-	TODO: check
+	NOT-FOR-US: libiff
 CVE-2021-32297 (An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow ...)
-	TODO: check
+	NOT-FOR-US: LIEF
 CVE-2021-32296
 	RESERVED
 CVE-2021-32295



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22432f67aad1eceac5d46751bd7615bebed8df29

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22432f67aad1eceac5d46751bd7615bebed8df29
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210921/abdfa7b7/attachment.htm>