[Git][security-tracker-team/security-tracker][master] Reserve DLA-3928-1 for ffmpeg
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Mon Oct 21 15:49:16 BST 2024
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e244a75c by Emilio Pozuelo Monfort at 2024-10-21T16:48:59+02:00
Reserve DLA-3928-1 for ffmpeg
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -49776,7 +49776,6 @@ CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 7:7.0.1-3
[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
- [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/737ede405b11a37fdd61d19cf25df296a0cb0b75 (n7.0)
NOTE: https://trac.ffmpeg.org/ticket/10688
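Review bot: The `[buster]` context line in this hunk still reads `<postponed> (Pick up when fixed in most related branch)`, while the same line under CVE-2024-31578 says `Pick up when fixed in 4.3.x`. Since the entry is being edited anyway, consider aligning the two buster annotations so it is clear which upstream branch that release is waiting on.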
@@ -50292,7 +50291,6 @@ CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 7:7.0.1-3
[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
- [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
[buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7 (n7.0)
CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and configured ...)
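Review bot: The remaining `[buster]` line states the same condition as the removed `[bullseye]` line, `Pick up when fixed in 4.3.x`, and this commit treats that condition as met by recording `7:4.3.8-0+deb11u1` in data/DLA/list. As it stands the buster annotation reads as actionable. If it is meant to stay postponed, reword the note to say what it is actually waiting for.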
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Oct 2024] DLA-3928-1 ffmpeg - security update
+ {CVE-2023-49502 CVE-2024-7055 CVE-2024-31578}
+ [bullseye] - ffmpeg 7:4.3.8-0+deb11u1
[21 Oct 2024] DLA-3927-1 openjdk-17 - security update
{CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235}
[bullseye] - openjdk-17 17.0.13+11-1~deb11u1
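Review bot: The CVE set on the second added line includes CVE-2024-7055, but the data/CVE/list part of this commit only drops `[bullseye]` postponements for CVE-2023-49502 and CVE-2024-31578. Please confirm that the CVE-2024-7055 entry carries no bullseye `<postponed>` or similar annotation that would contradict the `7:4.3.8-0+deb11u1` fix recorded here.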
=====================================
data/dla-needed.txt
=====================================
@@ -71,12 +71,6 @@ exim4 (Markus Koschany)
NOTE: 20240923: Currently testing the update. (apo)
NOTE: 20241010: Fixed some broken patches and will release soonish. (apo)
--
-ffmpeg (Emilio)
- NOTE: 20240815: Added by Front-Desk (Beuc)
- NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)
- NOTE: 20240911: Update prepared in git and tested, waiting for CI pipeline
- NOTE: 20240911: to support bullseye (pochu)
---
firmware-nonfree (tobi)
NOTE: 20241011: Added by Front-Desk (pochu)
NOTE: 20241011: Update to bookworm version, possibly coordinate upload of
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e244a75c834a5091fd185cf5b5246f5ff4d2c7e9