[Git][security-tracker-team/security-tracker][master] new ffmpeg issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 18 12:52:31 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0cc056ba by Moritz Muehlenhoff at 2024-04-18T13:51:59+02:00
new ffmpeg issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -217,17 +217,35 @@ CVE-2024-32161 (jizhiCMS 2.5 suffers from a File upload vulnerability.)
CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Er ...)
- TODO: check
+ [experimental] - ffmpeg 7:7.0-1
+ - ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
+ [buster] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0)
+ NOTE: Introduced by https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1)
CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a use-after-fr ...)
TODO: check
CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer overflow v ...)
- TODO: check
+ [experimental] - ffmpeg 7:7.0-1
+ - ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+ [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+ NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2 (n7.0)
CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper validation o ...)
- TODO: check
+ [experimental] - ffmpeg 7:7.0-1
+ - ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+ [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+ NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196
CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer overflow ...)
TODO: check
CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after-free ...)
- TODO: check
+ [experimental] - ffmpeg 7:7.0-1
+ - ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+ [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+ NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7
CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and configured ...)
TODO: check
CVE-2024-31041 (Null Pointer Dereference vulnerability in topic_filtern function in mq ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc056baf3e1754446afa5144ad328417e850041
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc056baf3e1754446afa5144ad328417e850041
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240418/78d1518a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list