[Git][security-tracker-team/security-tracker][master] new ffmpeg issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Apr 22 13:53:34 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e3399c9 by Moritz Muehlenhoff at 2024-04-22T14:48:58+02:00
new ffmpeg issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -317,19 +317,49 @@ CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver
 CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
 	NOT-FOR-US: Arm
 CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://trac.ffmpeg.org/ticket/10758
 CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://trac.ffmpeg.org/ticket/10756
 CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
+	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
+	NOTE: https://trac.ffmpeg.org/ticket/10753
+	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19 (n7.0)
+	NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/45dc668aea0edac34969b5a1ff76cf9ad3a09be1 (n5.0)
 CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
+	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
+	NOTE: https://trac.ffmpeg.org/ticket/10749
+	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0)
+	NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1)
 CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/0ecc1f0e48930723d7a467761b66850811c23e62 (n7.0)
+	NOTE: https://trac.ffmpeg.org/ticket/10743
 CVE-2023-51792 (Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attac ...)
 	TODO: check
 CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://trac.ffmpeg.org/ticket/10738
+	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/fb54c89a0df3d63198678b17d64aef4dbb599109 (n7.0)
 CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	NOT-FOR-US: Wazuh
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e3399c9b21eb04b7a36dfbe33e08a7a09c14535

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e3399c9b21eb04b7a36dfbe33e08a7a09c14535
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240422/a3ae2ce6/attachment.htm>

More information about the debian-security-tracker-commits mailing list