[Git][security-tracker-team/security-tracker][master] ffmpeg triage for 7.1
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 22 21:56:33 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d795bf2f by Moritz Muehlenhoff at 2026-06-22T22:56:25+02:00
ffmpeg triage for 7.1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1233,8 +1233,9 @@ CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of attach
CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec library, s ...)
- ffmpeg 7:8.1.2-1
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159
- NOTE: Fixed by: https://code.ffmpeg.org/FFmpeg/FFmpeg/commit/c23d4da3128c279b714b282e6ec292e8755007e3 (master)
- NOTE: Fixed by: https://code.ffmpeg.org/FFmpeg/FFmpeg/commit/a991b3e1102824730de6b0b2afd1c7e41fbdf03d (n8.1.2)
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/c23d4da3128c279b714b282e6ec292e8755007e3 (master)
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a991b3e1102824730de6b0b2afd1c7e41fbdf03d (n8.1.2)
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/15882781ac5267a653e4e55f5fa656ba9db688fd (n7.1.5)
CVE-2026-8039 (The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8024 (A remote, unauthenticated attacker may exploit a deserialization of un ...)
@@ -44805,6 +44806,7 @@ CVE-2026-30997 (An out-of-bounds read in the read_global_param() function (libav
[bullseye] - ffmpeg <postponed> (Minor issue)
NOTE: https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1a2c16fe514b60e1860829c42ce199de77a007e5
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9abe92e3af7fa7becc8f7f742b1457b4c28220a6 (n7.1.4)
CVE-2026-30813 (Improper Neutralization of Special Elements used in an SQL Command vul ...)
NOT-FOR-US: Pandora FMS
CVE-2026-30812 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
@@ -202535,6 +202537,7 @@ CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11393
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 (n8.0)
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3a18d60f65f633bcca7916fd9c0f1d0394901438 (n7.1.5)
CVE-2025-22920 (A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c a ...)
- ffmpeg <not-affected> (Vulnerable code introduce later)
NOTE: https://trac.ffmpeg.org/ticket/11389
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d795bf2fc88b9a7c3fbde7cda6e6a4efe6c9bb7f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d795bf2fc88b9a7c3fbde7cda6e6a4efe6c9bb7f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/32a9b729/attachment.htm>
More information about the debian-security-tracker-commits
mailing list