[Git][security-tracker-team/security-tracker][master] tcpreplay unimportant

Wed Sep 22 11:16:52 BST 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa7f58eb by Moritz Muehlenhoff at 2021-09-22T12:16:12+02:00
tcpreplay unimportant
new ffmpeg issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75047,10 +75047,11 @@ CVE-2020-23275
 CVE-2020-23274
 	RESERVED
 CVE-2020-23273 (Heap-buffer overflow in the randomize_iparp function in edit_packet.c. ...)
-	- tcpreplay 4.3.3-1
+	- tcpreplay 4.3.3-1 (unimportant)
 	NOTE: https://github.com/appneta/tcpreplay/issues/579
 	NOTE: Fixed in: https://github.com/appneta/tcpreplay/pull/588
 	NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/314ae7d70aa7630dc17dfdb06edacb131fa8fa99 (v4.3.3-beta1)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-23272
 	RESERVED
 CVE-2020-23271
@@ -80081,13 +80082,26 @@ CVE-2020-20904
 CVE-2020-20903
 	RESERVED
 CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <ignored> (Minor issue)
+	NOTE: https://trac.ffmpeg.org/ticket/8176
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22
 CVE-2020-20901 (Buffer Overflow vulnerability in function filter_frame in libavfilter/ ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
+	NOTE: https://trac.ffmpeg.org/ticket/8264
 CVE-2020-20900 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/de598f82f8c3f8000e1948548e8088148e2b1f44
+	NOTE: https://trac.ffmpeg.org/ticket/8275
 CVE-2020-20899 (Buffer Overflow vulnerability in function config_props in libavfilter/ ...)
-	TODO: check
+	- ffmpeg 7:4.3-2
+	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
+	NOTE: https://trac.ffmpeg.org/ticket/8261
 CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...)
 	TODO: check
 CVE-2020-20897 (Buffer Overflow vulnerability in function filter_slice in libavfilter/ ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa7f58ebc30fefd72899df3deddeb466e11efc9e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa7f58ebc30fefd72899df3deddeb466e11efc9e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210922/8cd6fdc6/attachment.htm>
