[Git][security-tracker-team/security-tracker][master] ffmpeg triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon May 11 13:28:33 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eabc0dff by Moritz Muehlenhoff at 2026-05-11T14:28:06+02:00
ffmpeg triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14429,6 +14429,7 @@ CVE-2026-40962 (FFmpeg before 8.1 has an integer overflow and resultant out-of-b
 	[bullseye] - ffmpeg <postponed> (minor issue)
 	NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348
 	NOTE: Fixed by: https://code.ffmpeg.org/FFmpeg/FFmpeg/commit/e392fb8c9c3949d975531d2b23c645d2465a7ebc (n8.1)
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b07fdedf940ded686ffe4e9fb221170a11ff0478 (n5.1.9)
 CVE-2026-40947 (Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey- ...)
 	- libfido2 <not-affected> (Only affects libfido2 on Windows)
 	- python-fido2 <not-affected> (Only affects python-fido2 on Windows)
@@ -16357,6 +16358,7 @@ CVE-2026-30997 (An out-of-bounds read in the read_global_param() function (libav
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	[bullseye] - ffmpeg <postponed> (Minor issue)
 	NOTE: https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f
+	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1a2c16fe514b60e1860829c42ce199de77a007e5
 CVE-2026-30813 (Improper Neutralization of Special Elements used in an SQL Command vul ...)
 	NOT-FOR-US: Pandora FMS
 CVE-2026-30812 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eabc0dffc786f1a60390a9dcf8aabdf495ee76dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eabc0dffc786f1a60390a9dcf8aabdf495ee76dc
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260511/790d29d1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list