[Git][security-tracker-team/security-tracker][master] Add upstream tag information for some upstream commits for ffmpeg

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 17 18:15:24 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b6415b1 by Salvatore Bonaccorso at 2025-09-17T19:14:52+02:00
Add upstream tag information for some upstream commits for ffmpeg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19549,9 +19549,9 @@ CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 4.3 branch)
 	NOTE: Introduced with: https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
-	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07
-	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e (n5.1.7)
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07 (n8.0)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/e0c5acb3e343d1c91c0914a786ff59176d4066a2 (n7.1.2)
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e (n5.1.7)
 CVE-2025-40924 (Catalyst::Plugin::Session before version 0.44 for Perl generates sessi ...)
 	- libcatalyst-plugin-session-perl 0.44-1 (bug #1109439)
 	[trixie] - libcatalyst-plugin-session-perl <no-dsa> (Minor issue)
@@ -68903,7 +68903,7 @@ CVE-2025-1594 (A vulnerability, which was classified as critical, was found in F
 	[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
 	NOTE: https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
 	NOTE: https://trac.ffmpeg.org/ticket/11418
-	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/bedfb6eca402037f5cbb115fa767d106b8c14f1c
+	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/bedfb6eca402037f5cbb115fa767d106b8c14f1c (n8.0)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c2184b65d214d60f2d3df86a11ca502567a3d134 (n7.1.2)
 CVE-2025-1412 (Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalid ...)
 	- mattermost-server <itp> (bug #823556)
@@ -69698,7 +69698,7 @@ CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain
 	[trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://trac.ffmpeg.org/ticket/11393
-	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 (n8.0)
 CVE-2025-22920 (A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c a ...)
 	- ffmpeg <not-affected> (Vulnerable code introduce later)
 	NOTE: https://trac.ffmpeg.org/ticket/11389
@@ -69708,7 +69708,7 @@ CVE-2025-22919 (A reachable assertion in FFmpeg git-master commit N-113007-g8d24
 	{DSA-5985-1 DLA-4073-1}
 	- ffmpeg 7:7.1.1-1
 	NOTE: https://trac.ffmpeg.org/ticket/11385
-	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1446e37d3d032e1452844778b3e6ba2c20f0c322
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1446e37d3d032e1452844778b3e6ba2c20f0c322 (n8.0)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/145a3a84550a1c3a3b848c12a64b53c3c41d2888 (n7.1.1)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a01eaecf6325cefab5b26e0d905df6662db37be1 (n5.1.7)
 CVE-2025-22888 (Movable Type contains a stored cross-site scripting vulnerability in t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6415b1a47d41ad3e6e31cfee26dbc24cdddfef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6415b1a47d41ad3e6e31cfee26dbc24cdddfef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250917/2318686d/attachment.htm>

More information about the debian-security-tracker-commits mailing list