[Git][security-tracker-team/security-tracker][master] 2 commits: DLA-3010-1/ffmpeg: reference 3 CVEs

Sylvain Beucler (@beuc) beuc at debian.org
Thu Nov 3 17:11:57 GMT 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
256dda50 by Sylvain Beucler at 2022-11-03T17:50:51+01:00
DLA-3010-1/ffmpeg: reference 3 CVEs

- - - - -
fd3d2462 by Sylvain Beucler at 2022-11-03T17:55:14+01:00
CVE-2020-20896/ffmpeg: fix stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -163887,10 +163887,10 @@ CVE-2020-21689
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
 	{DSA-5126-1 DSA-4998-1}
 	- ffmpeg 7:4.4-5
-	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://trac.ffmpeg.org/ticket/8186
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 (4.4)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7c9b1ed56b98eede5756d6865a10305982b4570 (4.1.9)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a77222da98dbe4b8eeda54d68deefe6adcd299 (3.2.17)
 CVE-2020-21687
 	RESERVED
 CVE-2020-21686
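Review bot: In the CVE-2020-21688 entry, removing the `[stretch] - ffmpeg <postponed>` line leaves no stretch information in this file, because the `{DSA-5126-1 DSA-4998-1}` cross-reference line is unchanged and does not name DLA-3010-1. If that line is not regenerated from data/DLA/list, add DLA-3010-1 to it so the stretch fix is visible from the CVE entry itself. The placement of the new 3.2.17 NOTE after the 4.4 and 4.1.9 notes is consistent with the existing ordering.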
@@ -165655,10 +165655,11 @@ CVE-2020-20897
 CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
 	{DSA-5126-1}
 	- ffmpeg 7:4.3-2
-	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
+	[stretch] - ffmpeg <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6fe33489be72eee8010c28165f4b12870df4c600 (4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/8273
+	NOTE: Introduced in: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8b3ec51de8a04f4442297f2f835e925cab7b0597 (3.4)
 CVE-2020-20895
 	REJECTED
 CVE-2020-20894
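Review bot: On the new `[stretch] - ffmpeg <not-affected> (Vulnerable code introduced later)` line, the reason does not say later than which version, so a reader has to find the last NOTE of the entry to check the claim. Consider putting the version in the reason, e.g. `(Vulnerable code introduced later, in 3.4)`. The `Introduced in:` NOTE giving 3.4 is consistent with the stretch version 7:3.2.18-0+deb9u1 shown in the data/DLA/list hunk.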
@@ -165668,16 +165669,16 @@ CVE-2020-20893
 CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
 	{DSA-5126-1}
 	- ffmpeg 7:4.3-2
-	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=439645004bb672a29145621549cb87acdb2f84db (4.1.9)
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=94e502e96b0870177e0af4c1e8718ac71475e374 (3.2.17)
 	NOTE: https://trac.ffmpeg.org/ticket/8265
 CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
 	{DSA-5126-1}
 	- ffmpeg 7:4.3-2
-	[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5cb859665d62658d7859f345650fcb38528c4ab (4.1.9)
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f8b4426c10aa65f4c04847a50ebfdcb8782a49b7 (3.2.17)
 	NOTE: https://trac.ffmpeg.org/ticket/8282
 CVE-2020-20890
 	RESERVED
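Review bot: The NOTE added under CVE-2020-20892 links to `http://git.videolan.org/?p=ffmpeg.git;a=commit;h=...` over plain HTTP, while the one added under CVE-2020-20891 uses `https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/...`. Each follows the host already used in its own entry, but for newly added lines the HTTPS form would be the better choice, since these links are what a reader follows to verify the 3.2.17 fix commit.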


=====================================
data/DLA/list
=====================================
@@ -487,7 +487,7 @@
 	{CVE-2022-0261 CVE-2022-0351 CVE-2022-0413 CVE-2022-0443 CVE-2022-0572 CVE-2022-1154 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621}
 	[stretch] - vim 2:8.0.0197-4+deb9u6
 [16 May 2022] DLA-3010-1 ffmpeg - security update
-	{CVE-2020-20902}
+	{CVE-2020-20902 CVE-2020-20891 CVE-2020-20892 CVE-2020-21688}
 	[stretch] - ffmpeg 7:3.2.18-0+deb9u1
 [16 May 2022] DLA-3009-1 cifs-utils - security update
 	{CVE-2022-27239 CVE-2022-29869}
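Review bot: The new list `{CVE-2020-20902 CVE-2020-20891 CVE-2020-20892 CVE-2020-21688}` appends the three added ids after CVE-2020-20902, which breaks the ascending order used by the vim and cifs-utils entries around it. Suggest `{CVE-2020-20891 CVE-2020-20892 CVE-2020-20902 CVE-2020-21688}`. The three ids added match the three data/CVE/list entries that lost their `<postponed>` line, and CVE-2020-20896 is correctly left out since it is now marked `<not-affected>`.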



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e85e9a9ea2d58ddf06bf31ef6ee6c15ed2a2bb91...fd3d2462654538a6b13a9536fb2e63aab7aa2c57
