Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d40807f by Moritz Muehlenhoff at 2024-07-28T23:36:16+02:00
ffmpeg fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5810,7 +5810,7 @@ CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x 
through 9.7.0.0 contain u
        NOT-FOR-US: Dell
 CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a 
negative-size- ...)
        {DSA-5721-1 DSA-5712-1}
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        NOTE: https://trac.ffmpeg.org/ticket/10952
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
 CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at 
libavfilter/vf_tiltandsh ...)
@@ -5818,7 +5818,7 @@ CVE-2024-32229 (FFmpeg 7.0 contains a 
heap-buffer-overflow at libavfilter/vf_til
        NOTE: https://trac.ffmpeg.org/ticket/10950
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a528a54ee119dcba47e7c9e30d3a56206fbad416
 CVE-2024-32228 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV 
at libavc ...)
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        NOTE: https://trac.ffmpeg.org/ticket/10951
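Review bot: The CVE-2024-32228 entry now records 7:7.0.1-3 for sid, but the only NOTE visible in this hunk is trac ticket 10951, with no fixing commit referenced, unlike the CVE-2024-32229 and CVE-2024-32230 entries just above, which each link a commitdiff. Because bookworm and bullseye stay <postponed> until the fix reaches 5.1.x and 4.3.x, a NOTE naming the upstream commit would let whoever picks those up check the backport against it. If such a NOTE already sits below the context shown here, nothing is needed.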
@@ -28625,7 +28625,7 @@ CVE-2024-0740 (Eclipse Target Management: Terminal and 
Remote System Explorer (R
 CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        {DSA-5721-1 DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [buster] - ffmpeg <postponed> (Pick up when fixed in 4.1.x)
        NOTE: https://trac.ffmpeg.org/ticket/10746
        NOTE: Fixed in 
https://github.com/ffmpeg/FFmpeg/commit/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07
 (n7.0)
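Review bot: For CVE-2023-51794 the new unstable line "- ffmpeg 7:7.0.1-3" sits directly under "[experimental] - ffmpeg 7:7.0-1", and the NOTE places the upstream fix in n7.0, so the recorded sid version is later than the first fixed package. Please confirm that 7:7.0.1-3 is the first 7.x upload to reach unstable, so the fixed version is not overstated for anyone comparing installed versions against the tracker. The same pairing recurs in most of the following hunks, so one check covers them all.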
@@ -29912,13 +29912,13 @@ CVE-2024-0671 (Use After Free vulnerability in Arm 
Ltd Midgard GPU Kernel Driver
 CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        {DSA-5721-1 DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
        NOTE: https://trac.ffmpeg.org/ticket/10758
        NOTE: Fixed in 
https://github.com/ffmpeg/FFmpeg/commit/68146f06f852078866b3ef1564556e3a272920c7
 (n7.0)
 CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
@@ -29926,7 +29926,7 @@ CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg 
v.N113007-g8d24a28d06 al
        NOTE: Fixed in 
https://github.com/ffmpeg/FFmpeg/commit/08bd2cbfeb34717d60ec62bcbaeb7996206df906
 (n7.0)
 CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -29935,7 +29935,7 @@ CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg 
v.N113007-g8d24a28d06 al
 CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        {DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/10749
@@ -29944,7 +29944,7 @@ CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg 
v.N113007-g8d24a28d06 al
 CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        {DSA-5721-1 DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
        NOTE: Fixed in 
https://github.com/FFmpeg/FFmpeg/commit/0ecc1f0e48930723d7a467761b66850811c23e62
 (n7.0)
        NOTE: https://trac.ffmpeg.org/ticket/10743
@@ -29957,7 +29957,7 @@ CVE-2023-51792 (Buffer Overflow vulnerability in 
libde265 v1.0.12 allows a local
        NOTE: Fixed by: 
https://github.com/strukturag/libde265/commit/221e767136b8c46c748ae35b79ec9b976b3da301
 (v1.0.13)
 CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -29968,13 +29968,13 @@ CVE-2023-50260 (Wazuh is a free and open source 
platform used for threat prevent
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        {DSA-5721-1 DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
        NOTE: https://trac.ffmpeg.org/ticket/10702
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a
 (n7.0)
 CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
@@ -29982,7 +29982,7 @@ CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg 
v.n6.1-3-g466799d4f5 all
        NOTE: https://trac.ffmpeg.org/ticket/10699
 CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -29990,7 +29990,7 @@ CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg 
v.n6.1-3-g466799d4f5 all
        NOTE: https://trac.ffmpeg.org/ticket/10701
 CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -30000,7 +30000,7 @@ CVE-2023-49963 (DYMO LabelWriter Print Server through 
2.366 contains a backdoor
        NOT-FOR-US: DYMO LabelWriter Print Server
 CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
@@ -30483,7 +30483,7 @@ CVE-2024-32130 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an 
Off-by-one Er ...)
        {DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: Fixed by 
https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06
 (n7.0)
@@ -30495,14 +30495,14 @@ CVE-2024-31583 (Pytorch before version v2.2.0 was 
discovered to contain a use-af
        NOTE: 
https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
 CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer 
overflow v ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: Fixed by 
https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2
 (n7.0)
 CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper 
validation o ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -30514,7 +30514,7 @@ CVE-2024-31580 (PyTorch before v2.2.0 was discovered to 
contain a heap buffer ov
        NOTE: 
https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
 CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap 
use-after-free  ...)
        [experimental] - ffmpeg 7:7.0-1
-       - ffmpeg <unfixed>
+       - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        [buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
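Review bot: In the CVE-2024-31578 entry the unchanged buster line reads "(Pick up when fixed in 4.3.x)", the same branch as the bullseye line above it, whereas the other buster entries in this diff say 4.1.x or "most related branch". That looks like a copy of the bullseye annotation. Since this entry is being touched anyway, consider correcting the buster note here or in a follow-up so the postponed fix is tracked against the right upstream branch.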
@@ -239758,7 +239758,6 @@ CVE-2021-33817
 CVE-2021-33816 (The website builder module in Dolibarr 13.0.2 allows remote 
PHP code e ...)
        - dolibarr <removed>
 CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an 
out-of-boun ...)
-       [experimental] - ffmpeg <unfixed>
        - ffmpeg <not-affected> (Vulnerable code not present, introduced in 
cc85ca1cb34)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
 CVE-2021-33814
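Review bot: The deletion of "[experimental] - ffmpeg <unfixed>" under CVE-2021-33815 is a different kind of change from the rest of this commit, and the subject "ffmpeg fixed in sid" does not describe it. The line that remains still marks unstable as <not-affected> with the reason "Vulnerable code not present, introduced in cc85ca1cb34", while every other entry in this diff now puts a 7.x package in sid. Please confirm that reason still holds for 7:7.0.1-3, or record a fixed version instead, and mention the cleanup in the commit message.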



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d40807f78ed0a474accf1e2461a6a14a343a5eb
