[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-30997

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 30 21:48:55 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
758b2833 by Salvatore Bonaccorso at 2026-06-30T22:47:38+02:00
Update status for CVE-2026-30997

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51416,11 +51416,12 @@ CVE-2026-30998 (An improper resource deallocation and closure vulnerability in t
 	NOTE: Bogus CVE assignment for ffmpeg, gets cleaned up by the OS anyway
 CVE-2026-30997 (An out-of-bounds read in the read_global_param() function (libavcodec/ ...)
 	{DSA-6361-1}
-	- ffmpeg <unfixed>
-	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
+	- ffmpeg 7:8.1.1-1
 	[bullseye] - ffmpeg <postponed> (Minor issue)
 	NOTE: https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1a2c16fe514b60e1860829c42ce199de77a007e5
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6266867e7bc4106dd3f77d6d702a0499fb3254db (n8.1.1)
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3c4ca300f469d657051c8584515870fe9c36aaa3 (n8.0.2)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9abe92e3af7fa7becc8f7f742b1457b4c28220a6 (n7.1.4)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/74c75e9ceacd99d20c09d09fec73c1b15ffd6172 (n5.1.9)
 CVE-2026-30813 (Improper Neutralization of Special Elements used in an SQL Command vul ...)


=====================================
data/DSA/list
=====================================
@@ -330,7 +330,7 @@
 	[bookworm] - openjpeg2 2.5.0-2+deb12u3
 	[trixie] - openjpeg2 2.5.3-2.1~deb13u2
 [15 May 2026] DSA-6276-1 ffmpeg - security update
-	{CVE-2026-40962}
+	{CVE-2026-40962 CVE-2026-30997}
 	[bookworm] - ffmpeg 7:5.1.9-0+deb12u1
 [15 May 2026] DSA-6275-1 linux - security update
 	{CVE-2026-46333}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/758b283390d06e25272a36cc6b023dff8ef6dd6e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/758b283390d06e25272a36cc6b023dff8ef6dd6e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/e0ad1ed5/attachment.htm>


More information about the debian-security-tracker-commits mailing list