Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e3b89d0c by Moritz Muehlenhoff at 2021-10-18T22:34:54+02:00
Remove postponed tags for issues fixed in forthcoming 4.1.8 update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -81973,19 +81973,16 @@ CVE-2020-22037 (A Denial of Service vulnerability
exists in FFmpeg 4.2 due to a
CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg
4.2 in fil ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8261
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to
MITRE
CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg
4.2 in get ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8262
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054
CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2
at libavf ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8236
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
@@ -81998,49 +81995,41 @@ CVE-2020-22033 (A heap-based Buffer Overflow
Vulnerability exists FFmpeg 4.2 at
CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2
at libavf ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8275
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg
4.2 at lib ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8243
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg
4.2 at lib ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8276
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg
4.2 at lib ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
NOTE: https://trac.ffmpeg.org/ticket/8250
CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in
filter_verticall ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
NOTE: https://trac.ffmpeg.org/ticket/8274
CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2
in defl ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <ignored> (Required change too invasive, original
patch need to be completely rewritten)
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
NOTE: https://trac.ffmpeg.org/ticket/8242
CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the
config_input ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
NOTE: https://trac.ffmpeg.org/ticket/8317
CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in
gaussian_blur at ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
NOTE: https://trac.ffmpeg.org/ticket/8260
CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the
lagfun_frame16 func ...)
@@ -82052,25 +82041,21 @@ CVE-2020-22024 (Buffer Overflow vulnerability in
FFmpeg 4.2 at the lagfun_frame1
CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg
4.2 in fi ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
NOTE: https://trac.ffmpeg.org/ticket/8244
CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg
4.2 in fil ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
NOTE: https://trac.ffmpeg.org/ticket/8264
CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges
function i ...)
{DLA-2742-1}
- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
NOTE: https://trac.ffmpeg.org/ticket/8240
CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the
build_diff_map func ...)
{DLA-2742-1}
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/8239
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at
convolution_y_10bit in ...)
@@ -82083,7 +82068,6 @@ CVE-2020-22018
RESERVED
CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg
4.2 at ff_ ...)
- ffmpeg 7:4.3-2
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/8309
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
@@ -84216,7 +84200,6 @@ CVE-2020-21041 (Buffer Overflow vulnerability exists in
FFmpeg 4.1 via apng_do_i
{DLA-2742-1}
[experimental] - ffmpeg 7:4.4-1
- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
- [buster] - ffmpeg <postponed> (Wait for 4.1.8)
[stretch] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://trac.ffmpeg.org/ticket/7989
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3b89d0c090dc7af01192ba7a34ead51cbdb9674
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3b89d0c090dc7af01192ba7a34ead51cbdb9674
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
