Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ed5b5e3a by Salvatore Bonaccorso at 2025-12-07T21:08:15+01:00
Add reference for introducing commit for CVE-2025-59734
As confirmed by Moritz Muehlenhoff; and the issue is not present in 7.1
(despite in the google bigsleep report 7.1.1 is mentioned).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18442,7 +18442,7 @@ CVE-2025-60956 (Cross Site Request Forgery (CSRF)
vulnerability in EndRun Techno
CVE-2025-59734 (It is possible to cause an use-after-free write in SANM
decoding with ...)
- ffmpeg <not-affected> (Vulnerable code introduced later)
NOTE: https://issuetracker.google.com/issues/440183164
- NOTE: Introduced in https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/
+ NOTE: Introduced in:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b48bd23321d8eee916dbe7afce96a749d29333f4
(n8.0)
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d311382c38df9c2237b33a9e8e860a5da7d2895d
(master)
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c41a70b6bb79707e1e3a4b0e31950cd986b9f50e
(master)
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/af310e68db0791b94753a9670c9a9ef0d717e32a
(n8.0)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed5b5e3a28f86fe36944801e89b6838876e715c3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed5b5e3a28f86fe36944801e89b6838876e715c3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
