[Git][security-tracker-team/security-tracker][master] remove entries for ffmpeg issues fixed in 4.1.7

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 22 16:49:15 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fcc9091 by Moritz Muehlenhoff at 2021-09-22T17:49:04+02:00
remove entries for ffmpeg issues fixed in 4.1.7

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7819,7 +7819,6 @@ CVE-2021-38172
 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not  ...)
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	[stretch] - ffmpeg <postponed> (Wait to be fixed in buster first)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
 CVE-2021-38170
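Review bot: The `[stretch]` line left as context for CVE-2021-38171 still reads `<postponed> (Wait to be fixed in buster first)`, while this hunk removes the buster annotation it depends on. That stretch note should be revisited as part of the same work, so it does not keep pointing at a buster fix that is no longer pending. With the `[buster]` line gone, the only status left applying to buster is `- ffmpeg <unfixed>` until a fixed version or advisory reference is recorded on the entry.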
@@ -7960,7 +7959,6 @@ CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return va
 	{DLA-2742-1}
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
 CVE-2021-3687
 	RESERVED
@@ -48613,13 +48611,12 @@ CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.ph
 CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds  ...)
 	{DLA-2537-1}
 	- ffmpeg 7:4.3.1-6 (bug #979999)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3
 CVE-2020-35964 (track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bo ...)
 	- ffmpeg 7:4.3.1-6 (bug #980000)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622
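Review bot: For CVE-2020-35964 the buster line is not removed but replaced with `<not-affected> (Vulnerable code not present)`, which is a triage decision and not an issue "fixed in 4.1.7" as the commit message describes. Suggest mentioning the re-triage in the commit message or committing it separately, so the history shows why buster went from postponed to not-affected. The stretch line directly below uses `(Vulnerable code introduced later)`; using the same wording on both lines would make the entry easier to read.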
@@ -77642,7 +77639,6 @@ CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
 CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...)
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8246
 	NOTE: https://trac.ffmpeg.org/ticket/8241
@@ -77727,7 +77723,6 @@ CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_ma
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in  ...)
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8246
 	NOTE: https://trac.ffmpeg.org/ticket/8241
@@ -77743,13 +77738,11 @@ CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2
 CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.2.2-1
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/8183
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[buster] - ffmpeg <ignored> (Minor issue)
 	NOTE: https://trac.ffmpeg.org/ticket/8190
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
 CVE-2020-22014
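Review bot: The line removed for CVE-2020-22015 was `[buster] - ffmpeg <ignored> (Minor issue)`, not a `<postponed> (Wait for 4.1.7)` entry like every other removal in this commit. Dropping an `<ignored>` tag reopens the issue for buster, so the commit message or a NOTE on the entry should state that this issue is also covered by the 4.1.7 update; otherwise the change of decision is not visible from the history.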


=====================================
data/dsa-needed.txt
=====================================
@@ -24,6 +24,8 @@ chromium
 --
 djvulibre
 --
+ffmpeg/oldstable (jmm)
+--
 icu
 --
 linux (carnil)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fcc90913c9a5a520de7b741673d36891d782414
