[Git][security-tracker-team/security-tracker][master] Add commit references for CVE-2024-3536{7,8}/ffmpeg in 5.1.y branch

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fed26b4 by Salvatore Bonaccorso at 2025-08-14T23:51:02+02:00
Add commit references for CVE-2024-3536{7,8}/ffmpeg in 5.1.y branch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81028,11 +81028,13 @@ CVE-2024-35368 (FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_
 	- ffmpeg 7:7.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c (n7.1)
+	NOTE: https://github.com/ffmpeg/ffmpeg/commit/d45964ac04a83f02cb6ddc63af6d0b646c7d9082 (n5.1.7)
 CVE-2024-35367 (FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_alti ...)
 	{DLA-4039-1}
 	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 (n7.0)
+	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1a874e645d4a0adef9b494482fc67d12d35395cd (n5.1.7)
 CVE-2024-35366 (FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the par ...)
 	{DSA-5721-1 DSA-5712-1}
 	- ffmpeg 7:7.0.1-3



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fed26b4c71be252531111beda2372fff3b658f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fed26b4c71be252531111beda2372fff3b658f0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250814/b51c04ca/attachment.htm>