[Git][security-tracker-team/security-tracker][master] Add CVE-2026-12706/ffmpeg
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 19 21:33:48 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96a1e71b by Salvatore Bonaccorso at 2026-06-19T22:33:15+02:00
Add CVE-2026-12706/ffmpeg
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -122,7 +122,14 @@ CVE-2026-34192 (Software installed and run as a non-privileged user may conduct
CVE-2026-21768 (The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for An ...)
NOT-FOR-US: HCL
CVE-2026-12706 (A use-after-free vulnerability was found in FFmpeg's RASC video decode ...)
- TODO: check
+ - ffmpeg 7:8.1.1-1
+ [trixie] - ffmpeg 7:7.1.4-0+deb13u1
+ [bookworm] - ffmpeg 7:5.1.9-0+deb12u1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2490710
+ NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22992
+ NOTE: Fixed by: https://code.ffmpeg.org/FFmpeg/FFmpeg/commit/102c590a5f5c38fdbb2368672abda608727874dc (n8.1.1)
+ NOTE: Fixed by: https://code.ffmpeg.org/FFmpeg/FFmpeg/commit/969e4ddf34f36d93d9b1dbafc5fec44e0e08e494 (n7.1.4)
+ NOTE: Fixed by: https://code.ffmpeg.org/FFmpeg/FFmpeg/commit/0db9de2219a46884777576a7a40037489be986b4 (n5.1.9)
CVE-2026-12622 (The GridTime 3000 GNSS Time Server has an open redirect vulnerability ...)
NOT-FOR-US: Microchip
CVE-2026-12621 (Improper neutralization of input during web page generation XSS vulne ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96a1e71bb5f5f10b565b24f450de452e545bfaad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96a1e71bb5f5f10b565b24f450de452e545bfaad
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260619/d78f3bbc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list