Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e244a75c by Emilio Pozuelo Monfort at 2024-10-21T16:48:59+02:00
Reserve DLA-3928-1 for ffmpeg

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -49776,7 +49776,6 @@ CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg 
v.n6.1-3-g466799d4f5 all
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
-       [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/737ede405b11a37fdd61d19cf25df296a0cb0b75
 (n7.0)
        NOTE: https://trac.ffmpeg.org/ticket/10688
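Review bot: the [bullseye] line removed from the CVE-2023-49502 entry was waiting on a 4.3.x fix, but the only commit NOTE left in the entry still points at the n7.0 commit. Consider adding a NOTE with the corresponding 4.3.x commit so the fix shipped in 7:4.3.8-0+deb11u1 can be traced from this entry. No explicit [bullseye] fixed-version line replaces the removed one in this hunk, so the bullseye status of this CVE rests on the DLA-3928-1 entry in data/DLA/list.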
@@ -50292,7 +50291,6 @@ CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to 
contain a heap use-after
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg 7:7.0.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
-       [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        [buster] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
        NOTE: Fixed by 
https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7
 (n7.0)
 CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and 
configured ...)
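Review bot: the [buster] line kept in the CVE-2024-31578 entry still reads "Pick up when fixed in 4.3.x", which is the same condition this commit treats as met for bullseye. Check whether the buster annotation should be updated or reworded now that DLA-3928-1 references a 4.3.x version for this CVE, so the entry does not show a postponement whose stated trigger has already happened.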


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Oct 2024] DLA-3928-1 ffmpeg - security update
+       {CVE-2023-49502 CVE-2024-7055 CVE-2024-31578}
+       [bullseye] - ffmpeg 7:4.3.8-0+deb11u1
 [21 Oct 2024] DLA-3927-1 openjdk-17 - security update
        {CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235}
        [bullseye] - openjdk-17 17.0.13+11-1~deb11u1
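Review bot: the CVE set on the new DLA-3928-1 entry names CVE-2024-7055, but the data/CVE/list changes in this commit only touch CVE-2023-49502 and CVE-2024-31578. Confirm that the CVE-2024-7055 entry carries no leftover [bullseye] annotation (such as <postponed>) that would conflict with the fixed version 7:4.3.8-0+deb11u1 recorded here.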


=====================================
data/dla-needed.txt
=====================================
@@ -71,12 +71,6 @@ exim4 (Markus Koschany)
   NOTE: 20240923: Currently testing the update. (apo)
   NOTE: 20241010: Fixed some broken patches and will release soonish. (apo)
 --
-ffmpeg (Emilio)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) 
(Beuc/front-desk)
-  NOTE: 20240911: Update prepared in git and tested, waiting for CI pipeline
-  NOTE: 20240911: to support bullseye (pochu)
---
 firmware-nonfree (tobi)
   NOTE: 20241011: Added by Front-Desk (pochu)
   NOTE: 20241011: Update to bookworm version, possibly coordinate upload of



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e244a75c834a5091fd185cf5b5246f5ff4d2c7e9
