[Git][security-tracker-team/security-tracker][master] ffmpeg triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Sep 17 11:12:21 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e6460d3 by Moritz Muehlenhoff at 2025-09-17T12:11:57+02:00
ffmpeg triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2633,9 +2633,9 @@ CVE-2025-39792 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/2df7168717b7d2d32bcf017c68be16e4aae9dd13 (6.17-rc1)
CVE-2025-10256
- ffmpeg <unfixed>
- [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/a25462482c02c004d685a8fcf2fa63955aaa0931 (n8.0)
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/0e8ccde9e5c9daa081eb4c037d83350390c9aa2b (n7.1.2)
NOTE: Introduced in: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a (n3.2)
CVE-2025-9881 (The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site ...)
NOT-FOR-US: WordPress plugin
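Review bot: dropping the `[trixie] - ffmpeg <postponed>` line for CVE-2025-10256 leaves trixie covered only by the generic `- ffmpeg <unfixed>` entry, and neither the hunk nor the commit message ("ffmpeg triage") records that this is intentional now that a fix is tagged (n7.1.2). A one-line mention in the commit message that the 7.1 branch fix has landed, so the postponement no longer applies, would keep the triage decision traceable.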
@@ -19541,11 +19541,11 @@ CVE-2024-6234
CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)]
{DSA-5985-1}
- ffmpeg <unfixed>
- [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 4.3 branch)
NOTE: Introduced with: https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e (n5.1.7)
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/e0c5acb3e343d1c91c0914a786ff59176d4066a2 (n7.1.2)
CVE-2025-40924 (Catalyst::Plugin::Session before version 0.44 for Perl generates sessi ...)
- libcatalyst-plugin-session-perl 0.44-1 (bug #1109439)
[trixie] - libcatalyst-plugin-session-perl <no-dsa> (Minor issue)
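Review bot: in the CVE-2025-7700 entry the first `Fixed by:` note (commit 35a6de137a39...) still has no release tag, while the two notes after it carry (n5.1.7) and the newly added (n7.1.2). Tagging that first commit with the release or branch it landed in would make clear which branch each of the three commits fixes.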
@@ -68892,12 +68892,12 @@ CVE-2025-1595 (A vulnerability has been found in Anhui Xufan Information Technol
NOT-FOR-US: Anhui Xufan Information Technology EasyCVR
CVE-2025-1594 (A vulnerability, which was classified as critical, was found in FFmpeg ...)
- ffmpeg <unfixed>
- [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
NOTE: https://trac.ffmpeg.org/ticket/11418
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/bedfb6eca402037f5cbb115fa767d106b8c14f1c
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c2184b65d214d60f2d3df86a11ca502567a3d134 (n7.1.2)
CVE-2025-1412 (Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalid ...)
- mattermost-server <itp> (bug #823556)
CVE-2024-55898 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to ...)
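Review bot: the added CVE-2025-1594 note is a bare URL with no `Fixed by:` label and uses the `/commit/` URL form, whereas the notes added for CVE-2025-10256 and CVE-2025-7700 in this same commit read `NOTE: Fixed by: .../commitdiff/... (n7.1.2)`. If both commits listed here are the fix, label them `Fixed by:` so the entry reads the same way as the others. The `[bullseye]` line also still says "wait until it's fixed upstream" although the entry now carries a commit tagged with a release, so that wording is worth rechecking.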
@@ -69691,7 +69691,7 @@ CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain
[trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11393
- NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57q
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57
CVE-2025-22920 (A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c a ...)
- ffmpeg <not-affected> (Vulnerable code introduce later)
NOTE: https://trac.ffmpeg.org/ticket/11389
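Review bot: the corrected `Fixed by:` URL for CVE-2025-22921 carries no release tag, and the `[trixie]` line above it still reads "wait until it's fixed in the 7.1 branch", while the other three entries touched by this commit gained an (n7.1.2) note and lost their trixie postponement. If this fix is also part of n7.1.2, add the backport commit and drop the trixie line here as well; if it is not, the typo fix alone is fine.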
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e6460d3babfe695f0e65cabb81576ecf5d97f1a