[Git][security-tracker-team/security-tracker][master] 2 commits: Track fix for CVE-2024-36616/ffmpeg in 4.3 branch
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Fri Feb 28 18:38:13 GMT 2025
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
907379cc by Thorsten Alteholz at 2025-02-28T19:35:22+01:00
Track fix for CVE-2024-36616/ffmpeg in 4.3 branch
- - - - -
3ad8c184 by Thorsten Alteholz at 2025-02-28T19:35:29+01:00
Track fix for CVE-2024-36617/ffmpeg in 4.3 branch
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27925,11 +27925,13 @@ CVE-2024-36617 (FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpe
- ffmpeg 7:7.0.1-3
NOTE: https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7 (n7.0)
NOTE: https://github.com/ffmpeg/ffmpeg/commit/f0e780370cc1c437d64f10d326b1d656ef490b5f (n5.1.5)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9557810a81624f222d603e0fdf3778054f8d8cc4 (n4.3.7)
CVE-2024-36616 (An integer overflow in the component /libavformat/westwood_vqa.c of FF ...)
{DSA-5712-1}
- ffmpeg 7:7.0.1-3
NOTE: https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661 (n7.0)
NOTE: https://github.com/ffmpeg/ffmpeg/commit/a8beef67993aa267de87599007143d9f0ba67c23 (n5.1.5)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/251b3c3892e79bd9dd93a973d16c28667fde131e (n4.3.7)
CVE-2024-36615 (FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. Thi ...)
- ffmpeg 7:7.1-3
[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
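Review bot: The two added NOTE lines (the n4.3.7 references under CVE-2024-36617 and CVE-2024-36616) spell the repository as github.com/FFmpeg/FFmpeg, while the n7.0 and n5.1.5 NOTE lines directly above each of them use github.com/ffmpeg/ffmpeg. GitHub resolves both spellings to the same repository, but mixed casing within one entry means a case-sensitive search for the upstream URL will miss one of the three backport references; consider lowercasing the new lines to match their neighbours.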
=====================================
data/DSA/list
=====================================
@@ -475,7 +475,7 @@
[bullseye] - libvpx 1.9.0-1+deb11u3
[bookworm] - libvpx 1.12.0-1+deb12u3
[26 Jun 2024] DSA-5721-1 ffmpeg - security update
- {CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798 CVE-2024-32230 CVE-2024-35366}
+ {CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798 CVE-2024-32230 CVE-2024-35366 CVE-2024-36616 CVE-2024-36617}
[bullseye] - ffmpeg 7:4.3.7-0+deb11u1
[25 Jun 2024] DSA-5720-1 chromium - security update
{CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293 CVE-2024-9859}
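Review bot: CVE-2024-36616 and CVE-2024-36617 are appended to the CVE set of DSA-5721-1 here, but the data/CVE/list context in this same comparison still shows only {DSA-5712-1} under CVE-2024-36616, and nothing visible there ties either CVE to DSA-5721-1 or to the bullseye version 7:4.3.7-0+deb11u1. Check that the cross-reference line in data/CVE/list ends up listing DSA-5721-1 for both CVEs, so the bullseye fix can be seen from the CVE entries and not only from the advisory entry.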
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/93e7a40c92ebf08eef88c140057f1618f1143e43...3ad8c1842489dd67f87848699a364abd75cc1ba7