[Git][security-tracker-team/security-tracker][master] Track fix for CVE-2024-35366/ffmpeg in 4.3 branch

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 25 18:22:33 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8c8c787 by Salvatore Bonaccorso at 2025-02-25T19:22:04+01:00
Track fix for CVE-2024-35366/ffmpeg in 4.3 branch

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23804,6 +23804,7 @@ CVE-2024-35366 (FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in t
 	- ffmpeg 7:7.0.1-3
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6 (n7.0)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/4db0eb4653efad967ddcf71f564fd2f1169bafcb (n5.1.5)
+	NOTE: https://github.com/ffmpeg/ffmpeg/commit/21b8fbf060e5fef52c9d6380398487486eeca2ce (n4.3.7)
 CVE-2024-11992 (Absolute path traversal vulnerability in Quick.CMS, version 6.7, the e ...)
 	NOT-FOR-US: Quick.CMS
 CVE-2024-11990 (A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could al ...)
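Review bot: the added NOTE line tags commit 21b8fbf060e5fef52c9d6380398487486eeca2ce as (n4.3.7), and the data/DSA/list change in this same commit relies on that tag to treat 7:4.3.7-0+deb11u1 as fixed. It is worth confirming that the commit is actually contained in the n4.3.7 tag and did not land on the 4.3 branch after it, since otherwise bullseye would be marked fixed too early. Placing it after the n7.0 and n5.1.5 notes keeps the existing newest-to-oldest order.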


=====================================
data/DSA/list
=====================================
@@ -469,7 +469,7 @@
 	[bullseye] - libvpx 1.9.0-1+deb11u3
 	[bookworm] - libvpx 1.12.0-1+deb12u3
 [26 Jun 2024] DSA-5721-1 ffmpeg - security update
-	{CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798 CVE-2024-32230}
+	{CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798 CVE-2024-32230 CVE-2024-35366}
 	[bullseye] - ffmpeg 7:4.3.7-0+deb11u1
 [25 Jun 2024] DSA-5720-1 chromium - security update
 	{CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293 CVE-2024-9859}
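Review bot: the changed CVE set on DSA-5721-1 retroactively extends an advisory dated 26 Jun 2024, but the commit subject only says "Track fix for CVE-2024-35366/ffmpeg in 4.3 branch". Mention the DSA amendment in the commit message so the change to a published advisory's CVE list can be found from history. The only release line shown under this DSA is [bullseye] - ffmpeg 7:4.3.7-0+deb11u1, so the addition asserts that bullseye is fixed at that version, which matches the (n4.3.7) note added in data/CVE/list.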



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8c8c7879d1c6694f732e99cc8dacfa3891fa01d
