[Git][security-tracker-team/security-tracker][master] new ffmpeg issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad372d31 by Moritz Muehlenhoff at 2024-04-22T15:10:49+02:00
new ffmpeg issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -363,19 +363,47 @@ CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 al
 CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	NOT-FOR-US: Wazuh
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://trac.ffmpeg.org/ticket/10702
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (n7.0)
 CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056 (n7.0)
+	NOTE: https://trac.ffmpeg.org/ticket/10699
 CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b (n7.0)
+	NOTE: https://trac.ffmpeg.org/ticket/10701
 CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47 (n7.0)
+	NOTE: https://trac.ffmpeg.org/ticket/10700
 CVE-2023-49963 (DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-c ...)
 	NOT-FOR-US: DYMO LabelWriter Print Server
 CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
-	TODO: check
+	[experimental] - ffmpeg 7:7.0-1
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/737ede405b11a37fdd61d19cf25df296a0cb0b75 (n7.0)
+	NOTE: https://trac.ffmpeg.org/ticket/10688
 CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
-	TODO: check
+	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+	NOTE: https://trac.ffmpeg.org/ticket/10686
 CVE-2023-49275 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	NOT-FOR-US: Wazuh
 CVE-2023-47435 (An issue in the verifyPassword function of hexo-theme-matery v2.0.0 al ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad372d31aeb4c0cd6b8d198a07a6079779c3cfc2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad372d31aeb4c0cd6b8d198a07a6079779c3cfc2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240422/007d826d/attachment-0001.htm>