[Git][security-tracker-team/security-tracker][master] ffmpeg fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jul 28 22:37:36 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d40807f by Moritz Muehlenhoff at 2024-07-28T23:36:16+02:00
ffmpeg fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5810,7 +5810,7 @@ CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain u
 	NOT-FOR-US: Dell
 CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size- ...)
 	{DSA-5721-1 DSA-5712-1}
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	NOTE: https://trac.ffmpeg.org/ticket/10952
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
 CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandsh ...)
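Review bot: The fix-commit NOTE in the CVE-2024-32230 entry (the git.videolan.org commitdiff link) carries no upstream release tag, unlike the other ffmpeg entries in this diff whose fix NOTEs end in `(n7.0)`, so the new `- ffmpeg 7:7.0.1-3` line cannot be checked from the entry alone. The description names FFmpeg 7.0 as vulnerable and the entry has no `[experimental] - ffmpeg 7:7.0-1` line, which suggests the fix came after 7.0; suggest appending the first upstream tag that contains 96449cfe to that NOTE.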
@@ -5818,7 +5818,7 @@ CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_til
 	NOTE: https://trac.ffmpeg.org/ticket/10950
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a528a54ee119dcba47e7c9e30d3a56206fbad416
 CVE-2024-32228 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavc ...)
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
 	NOTE: https://trac.ffmpeg.org/ticket/10951
@@ -28625,7 +28625,7 @@ CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (R
 CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
 	{DSA-5721-1 DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[buster] - ffmpeg <postponed> (Pick up when fixed in 4.1.x)
 	NOTE: https://trac.ffmpeg.org/ticket/10746
 	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 (n7.0)
@@ -29912,13 +29912,13 @@ CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver
 CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
 	{DSA-5721-1 DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://trac.ffmpeg.org/ticket/10758
 	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/68146f06f852078866b3ef1564556e3a272920c7 (n7.0)
 CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
@@ -29926,7 +29926,7 @@ CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/08bd2cbfeb34717d60ec62bcbaeb7996206df906 (n7.0)
 CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -29935,7 +29935,7 @@ CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
 	{DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/10749
@@ -29944,7 +29944,7 @@ CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
 	{DSA-5721-1 DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/0ecc1f0e48930723d7a467761b66850811c23e62 (n7.0)
 	NOTE: https://trac.ffmpeg.org/ticket/10743
@@ -29957,7 +29957,7 @@ CVE-2023-51792 (Buffer Overflow vulnerability in libde265 v1.0.12 allows a local
 	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/221e767136b8c46c748ae35b79ec9b976b3da301 (v1.0.13)
 CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -29968,13 +29968,13 @@ CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevent
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
 	{DSA-5721-1 DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://trac.ffmpeg.org/ticket/10702
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (n7.0)
 CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
@@ -29982,7 +29982,7 @@ CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
 	NOTE: https://trac.ffmpeg.org/ticket/10699
 CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -29990,7 +29990,7 @@ CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
 	NOTE: https://trac.ffmpeg.org/ticket/10701
 CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -30000,7 +30000,7 @@ CVE-2023-49963 (DYMO LabelWriter Print Server through 2.366 contains a backdoor
 	NOT-FOR-US: DYMO LabelWriter Print Server
 CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
@@ -30483,7 +30483,7 @@ CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Er ...)
 	{DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0)
@@ -30495,14 +30495,14 @@ CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a use-af
 	NOTE: https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
 CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer overflow v ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2 (n7.0)
 CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper validation o ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
 	[bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
 	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -30514,7 +30514,7 @@ CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer ov
 	NOTE: https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
 CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after-free  ...)
 	[experimental] - ffmpeg 7:7.0-1
-	- ffmpeg <unfixed>
+	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
 	[buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
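Review bot: The `[buster]` context line of the CVE-2024-31578 entry reads `(Pick up when fixed in 4.3.x)`, the same branch named on the `[bullseye]` line directly above it, whereas the CVE-2023-51794 entry in this diff gives `4.1.x` for buster. The commit does not change that line, but since the entry is being edited anyway, suggest correcting it to the branch buster follows or to the `most related branch` wording used by the other buster lines here.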
@@ -239758,7 +239758,6 @@ CVE-2021-33817
 CVE-2021-33816 (The website builder module in Dolibarr 13.0.2 allows remote PHP code e ...)
 	- dolibarr <removed>
 CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...)
-	[experimental] - ffmpeg <unfixed>
 	- ffmpeg <not-affected> (Vulnerable code not present, introduced in cc85ca1cb34)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
 CVE-2021-33814
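Review bot: The deletion of `[experimental] - ffmpeg <unfixed>` from CVE-2021-33815 is not covered by the commit message "ffmpeg fixed in sid": every other hunk replaces `<unfixed>` with `7:7.0.1-3`, while this one drops an annotation and records no fixed version. Suggest adding a short NOTE saying why the experimental entry is obsolete, or moving the removal to its own commit, and confirming that the remaining `<not-affected> (Vulnerable code not present, introduced in cc85ca1cb34)` reason still holds for the version now in sid.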



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d40807f78ed0a474accf1e2461a6a14a343a5eb
