Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b6415b1 by Salvatore Bonaccorso at 2025-09-17T19:14:52+02:00
Add upstream tag information for some upstream commits for ffmpeg
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19549,9 +19549,9 @@ CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS
Decoder (libavcodec/alsdec
- ffmpeg <unfixed>
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in
the 4.3 branch)
NOTE: Introduced with:
https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
- NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07
- NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e
(n5.1.7)
+ NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07
(n8.0)
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/e0c5acb3e343d1c91c0914a786ff59176d4066a2
(n7.1.2)
+ NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e
(n5.1.7)
CVE-2025-40924 (Catalyst::Plugin::Session before version 0.44 for Perl
generates sessi ...)
- libcatalyst-plugin-session-perl 0.44-1 (bug #1109439)
[trixie] - libcatalyst-plugin-session-perl <no-dsa> (Minor issue)
@@ -68903,7 +68903,7 @@ CVE-2025-1594 (A vulnerability, which was classified as
critical, was found in F
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed
upstream)
NOTE:
https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
NOTE: https://trac.ffmpeg.org/ticket/11418
- NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/bedfb6eca402037f5cbb115fa767d106b8c14f1c
+ NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/bedfb6eca402037f5cbb115fa767d106b8c14f1c
(n8.0)
NOTE:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c2184b65d214d60f2d3df86a11ca502567a3d134
(n7.1.2)
CVE-2025-1412 (Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to
invalid ...)
- mattermost-server <itp> (bug #823556)
@@ -69698,7 +69698,7 @@ CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06
was discovered to contain
[trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in
the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in
the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11393
- NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57
+ NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57
(n8.0)
CVE-2025-22920 (A heap buffer overflow vulnerability in FFmpeg before commit
4bf784c a ...)
- ffmpeg <not-affected> (Vulnerable code introduce later)
NOTE: https://trac.ffmpeg.org/ticket/11389
@@ -69708,7 +69708,7 @@ CVE-2025-22919 (A reachable assertion in FFmpeg
git-master commit N-113007-g8d24
{DSA-5985-1 DLA-4073-1}
- ffmpeg 7:7.1.1-1
NOTE: https://trac.ffmpeg.org/ticket/11385
- NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1446e37d3d032e1452844778b3e6ba2c20f0c322
+ NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1446e37d3d032e1452844778b3e6ba2c20f0c322
(n8.0)
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/145a3a84550a1c3a3b848c12a64b53c3c41d2888
(n7.1.1)
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a01eaecf6325cefab5b26e0d905df6662db37be1
(n5.1.7)
CVE-2025-22888 (Movable Type contains a stored cross-site scripting
vulnerability in t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6415b1a47d41ad3e6e31cfee26dbc24cdddfef
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6415b1a47d41ad3e6e31cfee26dbc24cdddfef
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
