[Git][security-tracker-team/security-tracker][master] DSA-5126-1/ffmpeg: reference fixed CVEs

Sylvain Beucler (@beuc) beuc at debian.org
Tue Jul 19 11:42:46 BST 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bbce2f2 by Sylvain Beucler at 2022-07-19T12:41:20+02:00
DSA-5126-1/ffmpeg: reference fixed CVEs

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -78043,8 +78043,8 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able
 CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
-	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532 (4.3)
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/97ee4a451b5b1eb0010664b4a8c048d6c8c06a8a (4.1.9)
 CVE-2021-33579
 	RESERVED
 CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities  ...)
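Review bot: The CVE-2021-3566 entry loses its only buster annotation (`[buster] - ffmpeg <postponed> (Wait for 4.1.9)`), yet its cross-reference line still reads `{DLA-2742-1}`, so nothing in this file ties the entry to DSA-5126-1. After this change the buster fixed version is carried only by the data/DSA/list hunk; if the brace line is not regenerated by tooling after the commit, it should name DSA-5126-1 as well. Tagging the two upstream commits with (4.3) and (4.1.9) is a useful addition and worth keeping.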
@@ -139173,10 +139173,10 @@ CVE-2020-21698
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
 	{DSA-4998-1}
 	- ffmpeg 7:4.4-5
-	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://trac.ffmpeg.org/ticket/8188
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6 (4.4)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=010281ed230454042abf8b88696678c669a0f279 (4.1.9)
 CVE-2020-21696
 	RESERVED
 CVE-2020-21695
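Review bot: The added 4.1.9 NOTE for CVE-2020-21697 reuses the plain-http git.videolan.org gitweb URL form, while the CVE-2020-20896 and CVE-2020-20891 entries touched by this same commit reference upstream through https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/. Consider the https form for the new line so the 4.1.9 references are uniform and are not fetched over cleartext; the same applies to the CVE-2020-21688 hunk that follows.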
@@ -139196,10 +139196,10 @@ CVE-2020-21689
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
 	{DSA-4998-1}
 	- ffmpeg 7:4.4-5
-	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://trac.ffmpeg.org/ticket/8186
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 (4.4)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7c9b1ed56b98eede5756d6865a10305982b4570 (4.1.9)
 CVE-2020-21687
 	RESERVED
 CVE-2020-21686
@@ -140959,9 +140959,9 @@ CVE-2020-20897
 	REJECTED
 CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6fe33489be72eee8010c28165f4b12870df4c600 (4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/8273
 CVE-2020-20895
 	REJECTED
@@ -140971,15 +140971,15 @@ CVE-2020-20893
 	REJECTED
 CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <ignored> (Minor issue)
 	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=439645004bb672a29145621549cb87acdb2f84db (4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/8265
 CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5cb859665d62658d7859f345650fcb38528c4ab (4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/8282
 CVE-2020-20890
 	RESERVED
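Review bot: For CVE-2020-20892 the removed line is `[buster] - ffmpeg <ignored> (Minor issue)`, not the `<postponed> (Wait for 4.1.9)` marker removed from the other entries, so this hunk reverses an earlier triage decision rather than just closing out a pending one. The commit message ("reference fixed CVEs") does not mention that; a line in the commit body stating that 4.1.9 also carries the fix for the previously ignored issue, as the added NOTE for commit 439645004bb672a29145621549cb87acdb2f84db indicates, would make the status change easier to audit.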


=====================================
data/DSA/list
=====================================
@@ -210,6 +210,7 @@
 	{CVE-2021-4197 CVE-2022-0168 CVE-2022-1016 CVE-2022-1048 CVE-2022-1158 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29582}
 	[bullseye] - linux 5.10.113-1
 [01 May 2022] DSA-5126-1 ffmpeg - security update
+	{CVE-2020-20891 CVE-2020-20892 CVE-2020-20896 CVE-2020-21688 CVE-2020-21697 CVE-2021-3566}
 	[buster] - ffmpeg 7:4.1.9-0+deb10u1
 [27 Apr 2022] DSA-5125-1 chromium - security update
 	{CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501}
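Review bot: The brace line added under DSA-5126-1 names exactly the six CVEs whose entries are edited in data/CVE/list, which is consistent, but the advisory is dated 01 May 2022 while this commit is from 2022-07-19 and the message does not say how the list was derived. A short commit body stating that the CVEs were matched against the upstream 4.1.9 commits recorded in the new NOTE lines would document why the references are being added after publication.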



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bbce2f2dcea64c0b25f412188edd3956f09d0ca
