[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36613/ffmpeg

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
434d5c8e by Salvatore Bonaccorso at 2025-01-03T22:02:12+01:00
Add CVE-2024-36613/ffmpeg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,7 +49,12 @@ CVE-2024-48814 (SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote
 CVE-2024-41780 (IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could   could allow a phys ...)
 	NOT-FOR-US: IBM
 CVE-2024-36613 (FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavforma ...)
-	TODO: check
+	- ffmpeg 7:7.0.1-3
+	[bookworm] - ffmpeg 7:5.1.5-0+deb12u1
+	[bullseye] - ffmpeg 7:4.3.7-0+deb11u1
+	NOTE: Fixed by: https://github.com/ffmpeg/ffmpeg/commit/50d8e4f27398fd5778485a827d7a2817921f8540 (n7.0)
+	NOTE: Fixed by: https://github.com/ffmpeg/ffmpeg/commit/1f6fcc64179377114b4ecc3b9f63bd5774a64edf (n5.1.5)
+	NOTE: Fixed by: https://github.com/ffmpeg/ffmpeg/commit/42f495fbe1b32c316103f52732ce6726bc032227 (n4.3.7)
 CVE-2024-35365 (FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/f ...)
 	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434d5c8ec4b8e4224eb1a72c5272986dbe46d526

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434d5c8ec4b8e4224eb1a72c5272986dbe46d526
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250103/e2af2a7f/attachment-0001.htm>