[Git][security-tracker-team/security-tracker][master] Add information for CVE-2020-24995/ffmpeg

Sat, 03 Apr 2021 06:49:33 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7015582 by Salvatore Bonaccorso at 2021-04-03T15:48:56+02:00
Add information for CVE-2020-24995/ffmpeg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41852,7 +41852,14 @@ CVE-2020-24996 (There is an invalid memory access in 
the function TextString::~T
        - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
        NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
 CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function 
in aacde ...)
-       TODO: check
+       - ffmpeg <undetermined>
+       NOTE: https://trac.ffmpeg.org/ticket/8845
+       NOTE: https://trac.ffmpeg.org/ticket/8859
+       NOTE: https://trac.ffmpeg.org/ticket/8860
+       NOTE: Support for 22.2 / channel_config 13 introduced in:
+       NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+       NOTE: Fixed by: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
+       TODO: check if issue introduced only when introducign support for 
Support for 22.2 / channel_config 13
 CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c 
in liba ...)
        - libass 1:0.15.0-1
        [buster] - libass <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7015582e68f5b0c709ea531e52543900eee309d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7015582e68f5b0c709ea531e52543900eee309d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to