Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
401821e5 by Moritz Muehlenhoff at 2020-07-07T20:08:23+02:00
ffmpeg updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3248,7 +3248,10 @@ CVE-2020-14213 (In Zammad before 3.3.1, a Customer has
ticket access that should
- zammad <itp> (bug #841355)
CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in
avio_get_str in ...)
- ffmpeg <unfixed>
+ [buster] - ffmpeg <not-affected> (Vulnerable code not present)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8716
+ NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
CVE-2020-14211
RESERVED
CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow
reflected ...)
@@ -45142,7 +45145,6 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based
buffer overflow in LZ4_write32
CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in
vqa_decode_chunk ...)
{DLA-2021-1}
- ffmpeg 7:4.2.1-1
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x
branch)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x
branch)
- libav <removed>
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
@@ -45170,7 +45172,6 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a
heap-based buffer overflow in
NOTE: ImageMagick6:
https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c
allows a NUL ...)
- ffmpeg 7:4.2.1-1 (low)
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x
branch)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x
branch)
- libav <removed> (low)
[jessie] - libav <not-affected> (Vulnerable code introduced in v12.x)
@@ -59007,7 +59008,6 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16,
ComplexImages in MagickCore/fourier
NOTE: which seems to be the actual patch for this issue.
CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at
adx_write_trailer in l ...)
- ffmpeg 7:4.2.1-1 (low; bug #932535)
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x
branch)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x
branch)
NOTE: https://trac.ffmpeg.org/ticket/7979
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401821e558bf43a919d0c6fd60197f9ce6921ede
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401821e558bf43a919d0c6fd60197f9ce6921ede
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
