[Git][security-tracker-team/security-tracker][master] Track fix for CVE-2024-35366/ffmpeg in 4.3 branch

Tue, 25 Feb 2025 10:23:08 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f8c8c787 by Salvatore Bonaccorso at 2025-02-25T19:22:04+01:00
Track fix for CVE-2024-35366/ffmpeg in 4.3 branch

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23804,6 +23804,7 @@ CVE-2024-35366 (FFmpeg n6.1.1 is Integer Overflow. The 
vulnerability exists in t
        - ffmpeg 7:7.0.1-3
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
 (n7.0)
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/4db0eb4653efad967ddcf71f564fd2f1169bafcb
 (n5.1.5)
+       NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/21b8fbf060e5fef52c9d6380398487486eeca2ce
 (n4.3.7)
 CVE-2024-11992 (Absolute path traversal vulnerability in Quick.CMS, version 
6.7, the e ...)
        NOT-FOR-US: Quick.CMS
 CVE-2024-11990 (A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 
could al ...)


=====================================
data/DSA/list
=====================================
@@ -469,7 +469,7 @@
        [bullseye] - libvpx 1.9.0-1+deb11u3
        [bookworm] - libvpx 1.12.0-1+deb12u3
 [26 Jun 2024] DSA-5721-1 ffmpeg - security update
-       {CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 
CVE-2023-51798 CVE-2024-32230}
+       {CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 
CVE-2023-51798 CVE-2024-32230 CVE-2024-35366}
        [bullseye] - ffmpeg 7:4.3.7-0+deb11u1
 [25 Jun 2024] DSA-5720-1 chromium - security update
        {CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293 CVE-2024-9859}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8c8c7879d1c6694f732e99cc8dacfa3891fa01d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8c8c7879d1c6694f732e99cc8dacfa3891fa01d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to