Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
256dda50 by Sylvain Beucler at 2022-11-03T17:50:51+01:00
DLA-3010-1/ffmpeg: reference 3 CVEs
- - - - -
fd3d2462 by Sylvain Beucler at 2022-11-03T17:55:14+01:00
CVE-2020-20896/ffmpeg: fix stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -163887,10 +163887,10 @@ CVE-2020-21689
CVE-2020-21688 (A heap-use-after-free in the av_freep function in
libavutil/mem.c of F ...)
{DSA-5126-1 DSA-4998-1}
- ffmpeg 7:4.4-5
- [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next
update)
NOTE: https://trac.ffmpeg.org/ticket/8186
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
(4.4)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7c9b1ed56b98eede5756d6865a10305982b4570
(4.1.9)
+ NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a77222da98dbe4b8eeda54d68deefe6adcd299
(3.2.17)
CVE-2020-21687
RESERVED
CVE-2020-21686
@@ -165655,10 +165655,11 @@ CVE-2020-20897
CVE-2020-20896 (An issue was discovered in function latm_write_packet in
libavformat/l ...)
{DSA-5126-1}
- ffmpeg 7:4.3-2
- [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next
update)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b
(4.3)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6fe33489be72eee8010c28165f4b12870df4c600
(4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/8273
+ NOTE: Introduced in:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8b3ec51de8a04f4442297f2f835e925cab7b0597
(3.4)
CVE-2020-20895
REJECTED
CVE-2020-20894
@@ -165668,16 +165669,16 @@ CVE-2020-20893
CVE-2020-20892 (An issue was discovered in function filter_frame in
libavfilter/vf_len ...)
{DSA-5126-1}
- ffmpeg 7:4.3-2
- [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next
update)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01
(4.3)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=439645004bb672a29145621549cb87acdb2f84db
(4.1.9)
+ NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=94e502e96b0870177e0af4c1e8718ac71475e374
(3.2.17)
NOTE: https://trac.ffmpeg.org/ticket/8265
CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in
libavfilter/ ...)
{DSA-5126-1}
- ffmpeg 7:4.3-2
- [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next
update)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab
(4.3)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5cb859665d62658d7859f345650fcb38528c4ab
(4.1.9)
+ NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f8b4426c10aa65f4c04847a50ebfdcb8782a49b7
(3.2.17)
NOTE: https://trac.ffmpeg.org/ticket/8282
CVE-2020-20890
RESERVED
=====================================
data/DLA/list
=====================================
@@ -487,7 +487,7 @@
{CVE-2022-0261 CVE-2022-0351 CVE-2022-0413 CVE-2022-0443 CVE-2022-0572
CVE-2022-1154 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621}
[stretch] - vim 2:8.0.0197-4+deb9u6
[16 May 2022] DLA-3010-1 ffmpeg - security update
- {CVE-2020-20902}
+ {CVE-2020-20902 CVE-2020-20891 CVE-2020-20892 CVE-2020-21688}
[stretch] - ffmpeg 7:3.2.18-0+deb9u1
[16 May 2022] DLA-3009-1 cifs-utils - security update
{CVE-2022-27239 CVE-2022-29869}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e85e9a9ea2d58ddf06bf31ef6ee6c15ed2a2bb91...fd3d2462654538a6b13a9536fb2e63aab7aa2c57
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e85e9a9ea2d58ddf06bf31ef6ee6c15ed2a2bb91...fd3d2462654538a6b13a9536fb2e63aab7aa2c57
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
