[Git][security-tracker-team/security-tracker][master] Reserve DLA-3928-1 for ffmpeg

Mon Oct 21 15:49:16 BST 2024


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e244a75c by Emilio Pozuelo Monfort at 2024-10-21T16:48:59+02:00
Reserve DLA-3928-1 for ffmpeg

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -49776,7 +49776,6 @@ CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
-	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/737ede405b11a37fdd61d19cf25df296a0cb0b75 (n7.0)
 	NOTE: https://trac.ffmpeg.org/ticket/10688
@@ -50292,7 +50291,6 @@ CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
-	[bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
 	[buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
 	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7 (n7.0)
 CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and configured ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Oct 2024] DLA-3928-1 ffmpeg - security update
+	{CVE-2023-49502 CVE-2024-7055 CVE-2024-31578}
+	[bullseye] - ffmpeg 7:4.3.8-0+deb11u1
 [21 Oct 2024] DLA-3927-1 openjdk-17 - security update
 	{CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235}
 	[bullseye] - openjdk-17 17.0.13+11-1~deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -71,12 +71,6 @@ exim4 (Markus Koschany)
   NOTE: 20240923: Currently testing the update. (apo)
   NOTE: 20241010: Fixed some broken patches and will release soonish. (apo)
 --
-ffmpeg (Emilio)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)
-  NOTE: 20240911: Update prepared in git and tested, waiting for CI pipeline
-  NOTE: 20240911: to support bullseye (pochu)
---
 firmware-nonfree (tobi)
   NOTE: 20241011: Added by Front-Desk (pochu)
   NOTE: 20241011: Update to bookworm version, possibly coordinate upload of



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e244a75c834a5091fd185cf5b5246f5ff4d2c7e9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e244a75c834a5091fd185cf5b5246f5ff4d2c7e9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241021/01228d18/attachment-0001.htm>
