[Git][security-tracker-team/security-tracker][master] CVE-2022-3341/ffmpeg: buster postponed + fix-up version comment in other recent ffmpeg entries
Sylvain Beucler (@beuc)
beuc at debian.org
Tue Jan 3 17:46:44 GMT 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bfd67edc by Sylvain Beucler at 2023-01-03T18:45:42+01:00
CVE-2022-3341/ffmpeg: buster postponed + fix-up version comment in other recent ffmpeg entries
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10970,12 +10970,12 @@ CVE-2022-3966 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: Ultimate Member Plugin
CVE-2022-3965 (A vulnerability classified as problematic was found in ffmpeg. This vu ...)
- ffmpeg <unfixed>
- [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
+ [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
[buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd
CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpeg. Th ...)
- ffmpeg <unfixed>
- [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
+ [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
[buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984
CVE-2022-45197 (Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLS ...)
@@ -23444,6 +23444,7 @@ CVE-2022-3341
RESERVED
- ffmpeg 7:5.1-1
[bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
+ [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157054
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e (n5.1)
CVE-2022-3340 (XML External Entity (XXE) vulnerability in Trellix IPS Manager prior t ...)
@@ -27909,7 +27910,7 @@ CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rt
CVE-2022-3109 (An issue was discovered in the FFmpeg package, where vp3_decode_frame ...)
- ffmpeg 7:5.1-1
[bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
+ [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 (n5.1)
CVE-2022-3108 (An issue was discovered in the Linux kernel through 5.16-rc6. kfd_pars ...)
- linux 5.16.7-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfd67edc277a558d60efe34363c18c83047ef81b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfd67edc277a558d60efe34363c18c83047ef81b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230103/3d146866/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list