[Git][security-tracker-team/security-tracker][master] 2 commits: Add patch link for CVE-2026-30997

Daniel Leidert (@dleidert) dleidert at debian.org
Tue Jun 30 01:25:29 BST 2026



Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03d2ddc5 by Daniel Leidert at 2026-06-30T02:08:43+02:00
Add patch link for CVE-2026-30997

It appears that CVE-2026-30997 was already fixed with ffmpeg/7:5.1.9-0+deb12u1.

- - - - -
35f6ab66 by Daniel Leidert at 2026-06-30T02:24:00+02:00
Add patch link for CVE-2026-8461/ffmpeg for the 5.1 series

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7113,6 +7113,7 @@ CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec libra
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/c23d4da3128c279b714b282e6ec292e8755007e3 (master)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a991b3e1102824730de6b0b2afd1c7e41fbdf03d (n8.1.2)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/15882781ac5267a653e4e55f5fa656ba9db688fd (n7.1.5)
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0216a4847e6adb922c22ad18abb8b223c6290416 (n5.1.10)
 CVE-2026-8039 (The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8024 (A remote, unauthenticated attacker may exploit a deserialization of un ...)
@@ -50797,6 +50798,7 @@ CVE-2026-30997 (An out-of-bounds read in the read_global_param() function (libav
 	NOTE: https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1a2c16fe514b60e1860829c42ce199de77a007e5
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9abe92e3af7fa7becc8f7f742b1457b4c28220a6 (n7.1.4)
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/74c75e9ceacd99d20c09d09fec73c1b15ffd6172 (n5.1.9)
 CVE-2026-30813 (Improper Neutralization of Special Elements used in an SQL Command vul ...)
 	NOT-FOR-US: Pandora FMS
 CVE-2026-30812 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8206fde3ff3c61c58ca3804a0e4fd1ea7eb9074e...35f6ab664e63535c2133ca795c55f515a3ab843a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8206fde3ff3c61c58ca3804a0e4fd1ea7eb9074e...35f6ab664e63535c2133ca795c55f515a3ab843a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/16a43375/attachment.htm>


More information about the debian-security-tracker-commits mailing list