Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
907379cc by Thorsten Alteholz at 2025-02-28T19:35:22+01:00
Track fix for CVE-2024-36616/ffmpeg in 4.3 branch
- - - - -
3ad8c184 by Thorsten Alteholz at 2025-02-28T19:35:29+01:00
Track fix for CVE-2024-36617/ffmpeg in 4.3 branch
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27925,11 +27925,13 @@ CVE-2024-36617 (FFmpeg n6.1.1 has an integer overflow
vulnerability in the FFmpe
- ffmpeg 7:7.0.1-3
NOTE:
https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7
(n7.0)
NOTE:
https://github.com/ffmpeg/ffmpeg/commit/f0e780370cc1c437d64f10d326b1d656ef490b5f
(n5.1.5)
+ NOTE:
https://github.com/FFmpeg/FFmpeg/commit/9557810a81624f222d603e0fdf3778054f8d8cc4
(n4.3.7)
CVE-2024-36616 (An integer overflow in the component
/libavformat/westwood_vqa.c of FF ...)
{DSA-5712-1}
- ffmpeg 7:7.0.1-3
NOTE:
https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
(n7.0)
NOTE:
https://github.com/ffmpeg/ffmpeg/commit/a8beef67993aa267de87599007143d9f0ba67c23
(n5.1.5)
+ NOTE:
https://github.com/FFmpeg/FFmpeg/commit/251b3c3892e79bd9dd93a973d16c28667fde131e
(n4.3.7)
CVE-2024-36615 (FFmpeg n7.0 has a race condition vulnerability in the VP9
decoder. Thi ...)
- ffmpeg 7:7.1-3
[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
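Review bot: the two added NOTE lines (the n4.3.7 references under CVE-2024-36617 and CVE-2024-36616) spell the repository as `github.com/FFmpeg/FFmpeg`, while the existing n7.0 and n5.1.5 NOTEs in the same entries use `github.com/ffmpeg/ffmpeg`. Matching the existing spelling would keep a case-sensitive search for the commit URLs from missing the new lines. Separately, the context line for CVE-2024-36616 still shows only `{DSA-5712-1}`, although the data/DSA/list change in this push adds the CVE to DSA-5721-1. It is worth confirming that the cross-reference is refreshed so both advisories appear on the entry.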
=====================================
data/DSA/list
=====================================
@@ -475,7 +475,7 @@
[bullseye] - libvpx 1.9.0-1+deb11u3
[bookworm] - libvpx 1.12.0-1+deb12u3
[26 Jun 2024] DSA-5721-1 ffmpeg - security update
- {CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794
CVE-2023-51798 CVE-2024-32230 CVE-2024-35366}
+ {CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794
CVE-2023-51798 CVE-2024-32230 CVE-2024-35366 CVE-2024-36616 CVE-2024-36617}
[bullseye] - ffmpeg 7:4.3.7-0+deb11u1
[25 Jun 2024] DSA-5720-1 chromium - security update
{CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293 CVE-2024-9859}
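Review bot: the CVE list of DSA-5721-1 (dated 26 Jun 2024) is extended with CVE-2024-36616 and CVE-2024-36617, but neither commit message mentions that a published advisory entry is being amended; both only say "Track fix ... in 4.3 branch". A short mention of the DSA-5721-1 update in the message would make the retroactive change easier to find in history. The fixed version `7:4.3.7-0+deb11u1` is unchanged, which matches the (n4.3.7) tags on the NOTE lines added in data/CVE/list, so the change relies on both upstream commits being part of that upload.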
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/93e7a40c92ebf08eef88c140057f1618f1143e43...3ad8c1842489dd67f87848699a364abd75cc1ba7