[Git][security-tracker-team/security-tracker][master] Reserve DLA-4241-1 for ffmpeg
Adrian Bunk (@bunk)
bunk at debian.org
Mon Jul 14 12:19:46 BST 2025
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dfde5ccc by Adrian Bunk at 2025-07-14T14:19:31+03:00
Reserve DLA-4241-1 for ffmpeg
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -62239,14 +62239,12 @@ CVE-2024-12970 (Improper Neutralization of Special Elements used in an OS Comman
CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This vulnerability ...)
- ffmpeg 7:7.1.1-1
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
- [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334336
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/4c96d6bf75357ab13808efc9f08c1b41b1bf5bdf (master)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/c3c7ecfe48d464a0b06564f2e92504b1d9c91d69 (n7.1.1)
CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows unexpected addit ...)
- ffmpeg 7:7.1.1-1
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
- [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334337
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31 (master)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/b753bac08f6881b2d3dea8f1ab84c81550f35897 (n7.1.1)
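Review bot: With the `[bullseye] - ffmpeg <postponed>` lines removed from CVE-2023-6605 and CVE-2023-6604, neither entry points to the change that fixes bullseye. The `Fixed by:` notes cover only master and n7.1.1, while the DLA entry in this commit ships 7:4.3.9-0+deb11u1. Consider adding a NOTE per CVE for the corresponding commit on the 4.3 branch so the bullseye fix can be audited from the entry itself.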
@@ -62254,7 +62252,6 @@ CVE-2023-6601 (A flaw was found in FFmpeg's HLS demuxer. This vulnerability allo
- ffmpeg <unfixed>
[trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
- [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2253172
CVE-2024-56769 (In the Linux kernel, the following vulnerability has been resolved: m ...)
{DLA-4076-1 DLA-4075-1}
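Review bot: The CVE-2023-6601 entry is left inconsistent once its bullseye line is removed. Unstable still reads `- ffmpeg <unfixed>`, trixie and bookworm are postponed waiting for their branches, and the entry has no `Fixed by:` note, yet this commit lists the CVE under DLA-4241-1 as fixed in bullseye. Please add a NOTE with the upstream commit the 4.3.9-based upload relies on, and check whether the `<unfixed>` and `<postponed>` lines can now be updated.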
@@ -63467,7 +63464,6 @@ CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This vulnerabi
CVE-2023-6602 (A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows po ...)
- ffmpeg 7:7.1.1-1
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
- [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334338
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31 (master)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/b753bac08f6881b2d3dea8f1ab84c81550f35897 (n7.1.1)
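Review bot: The hunk header shows CVE-2023-6603 directly above this entry, and it is the one ID in the CVE-2023-6601 to CVE-2023-6605 run that is missing from the DLA-4241-1 CVE set. Its bullseye line is not visible in this diff. Worth confirming that its bullseye status is recorded deliberately (fixed by the same upload, or not affected) rather than left out by oversight.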
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[14 Jul 2025] DLA-4241-1 ffmpeg - security update
+ {CVE-2023-6601 CVE-2023-6602 CVE-2023-6604 CVE-2023-6605}
+ [bullseye] - ffmpeg 7:4.3.9-0+deb11u1
[12 Jul 2025] DLA-4240-1 redis - security update
{CVE-2025-32023 CVE-2025-48367}
[bullseye] - redis 5:6.0.16-1+deb11u7
=====================================
data/dla-needed.txt
=====================================
@@ -91,10 +91,6 @@ erlang
fastdds
NOTE: 20250303: Added by Front-Desk (rouca)
--
-ffmpeg (Adrian Bunk)
- NOTE: 20250629: Added by coordinator (santiago)
- NOTE: 20250629: There was a 4.3.9 security release (but all these security issues fixed in ffmpeg don't usually get CVE IDs assigned) (santiago)
---
firmware-nonfree
NOTE: 20241011: Added by Front-Desk (pochu)
NOTE: 20241011: Update to bookworm version, possibly coordinate upload of
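Review bot: Removing the ffmpeg block drops the second NOTE, the only record here that 4.3.9 is a security release whose fixes usually get no CVE IDs, while the data/DLA/list entry names just four CVEs. Suggest making sure the advisory text for DLA-4241-1 states that the update moves to 4.3.9 and includes fixes without CVE assignments, so the scope of the update is not understated.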
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfde5ccced6aa887da77b2ae10aa3683cb9f3a39