[Git][security-tracker-team/security-tracker][master] Triage various ffmpeg issues as n/a
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Fri Sep 6 10:08:07 BST 2024
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5541c3c2 by Emilio Pozuelo Monfort at 2024-09-06T11:07:22+02:00
Triage various ffmpeg issues as n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6280,6 +6280,7 @@ CVE-2024-7399 (Improper limitation of a pathname to a restricted directory vulne
CVE-2024-7272 (A vulnerability, which was classified as critical, was found in FFmpeg ...)
{DSA-5748-1}
- ffmpeg 7:6.0-4
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code introduced later)
NOTE: https://trac.ffmpeg.org/ticket/9908
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 (n6.0)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a937b3c58babae893fb46b286a4792cd24a01d3d (n5.1.6)
@@ -39814,9 +39815,9 @@ CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 7:7.0.1-3
- [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
- [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
- [buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
+ [bookworm] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ [buster] - ffmpeg <not-affected> (Vulnerable code introduced later)
NOTE: https://trac.ffmpeg.org/ticket/10756
NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/08bd2cbfeb34717d60ec62bcbaeb7996206df906 (n7.0)
CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
@@ -39870,9 +39871,9 @@ CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 7:7.0.1-3
- [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
- [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
- [buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
+ [bookworm] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ [buster] - ffmpeg <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056 (n7.0)
NOTE: https://trac.ffmpeg.org/ticket/10699
CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
@@ -39904,9 +39905,9 @@ CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 7:7.0.1-3
- [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
- [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
- [buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
+ [bookworm] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ [buster] - ffmpeg <not-affected> (Vulnerable code introduced later)
NOTE: https://trac.ffmpeg.org/ticket/10686
NOTE: https://github.com/FFmpeg/FFmpeg/commit/4adb93dff05dd947878c67784d98c9a4e13b57a7 (n7.0)
CVE-2023-49275 (Wazuh is a free and open source platform used for threat prevention, d ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5541c3c243ad02eccd17e5ee71a589026487b4be
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5541c3c243ad02eccd17e5ee71a589026487b4be
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240906/68848135/attachment.htm>
More information about the debian-security-tracker-commits
mailing list