[Git][security-tracker-team/security-tracker][master] add note on ffmpeg CVE duplicate
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Sep 22 16:54:52 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0392cca1 by Moritz Muehlenhoff at 2021-09-22T17:54:19+02:00
add note on ffmpeg CVE duplicate
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18423,7 +18423,7 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able
CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532
CVE-2021-33579
RESERVED
@@ -77622,18 +77622,19 @@ CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8261
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
+ NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to MITRE
CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8262
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054
CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8236
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
@@ -77646,49 +77647,49 @@ CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at
CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8275
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8243
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8276
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
NOTE: https://trac.ffmpeg.org/ticket/8250
CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
NOTE: https://trac.ffmpeg.org/ticket/8274
CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <ignored> (Required change too invasive, original patch need to be completely rewritten)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
NOTE: https://trac.ffmpeg.org/ticket/8242
CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
NOTE: https://trac.ffmpeg.org/ticket/8317
CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
NOTE: https://trac.ffmpeg.org/ticket/8260
CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
@@ -77700,25 +77701,25 @@ CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame1
CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
NOTE: https://trac.ffmpeg.org/ticket/8244
CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
NOTE: https://trac.ffmpeg.org/ticket/8264
CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
{DLA-2742-1}
- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
NOTE: https://trac.ffmpeg.org/ticket/8240
CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8239
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...)
@@ -77731,7 +77732,7 @@ CVE-2020-22018
RESERVED
CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8309
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
@@ -78382,7 +78383,7 @@ CVE-2020-21698
CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
- ffmpeg 7:4.4-5
[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8188
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
CVE-2020-21696
@@ -78404,7 +78405,7 @@ CVE-2020-21689
CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
- ffmpeg 7:4.4-5
[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8186
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
CVE-2020-21687
@@ -79826,8 +79827,8 @@ CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_i
{DLA-2742-1}
[experimental] - ffmpeg 7:4.4-1
- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
- [stretch] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
+ [stretch] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/7989
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
CVE-2020-21040
@@ -80116,19 +80117,20 @@ CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0c91fb0f0641f9f35f650281a176657907097cf (4.1.5)
CVE-2020-20901 (Buffer Overflow vulnerability in function filter_frame in libavfilter/ ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=07050d7bdc32d82e53ee5bb727f5882323d00dba (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8264
CVE-2020-20900 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/de598f82f8c3f8000e1948548e8088148e2b1f44 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8275
CVE-2020-20899 (Buffer Overflow vulnerability in function config_props in libavfilter/ ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8261
+ NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to MITRE
CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...)
- ffmpeg 7:4.3-2
[buster] - ffmpeg <ignored> (Minor issue)
@@ -80136,27 +80138,27 @@ CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in l
NOTE: https://trac.ffmpeg.org/ticket/8263
CVE-2020-20897 (Buffer Overflow vulnerability in function filter_slice in libavfilter/ ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0749082eb93ea02fa4b770da86597450cec84054 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8262
CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8273
CVE-2020-20895 (Buffer Overflow vulnerability in function filter_vertically_##name in ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f069a9c2a65bc20c3462127623127df6dfd06c5b (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8274
CVE-2020-20894 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8260
CVE-2020-20893 (Buffer Overflow vulnerability in function activate in libavfilter/af_a ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/e1b89c76f66343d1b495165664647317c66764bb (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8276
CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
@@ -80166,7 +80168,7 @@ CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/
NOTE: https://trac.ffmpeg.org/ticket/8265
CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.7)
+ [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8282
CVE-2020-20890
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0392cca1e9ec617b717ec441f248db93ec6a4602
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0392cca1e9ec617b717ec441f248db93ec6a4602
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210922/2b16f89d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list