Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2ee8df1d by security tracker role at 2021-08-14T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1357,6 +1357,7 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibG NOTE: https://github.com/libgd/libgd/issues/697 NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032 CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...) + {DLA-2742-1} - ffmpeg <unfixed> [bullseye] - ffmpeg <postponed> (Wait for 4.3.3) [buster] - ffmpeg <postponed> (Wait for 4.1.7) @@ -11637,6 +11638,7 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able NOTE: https://docs.inspircd.org/security/2021-01/ NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532 @@ -70315,6 +70317,7 @@ CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a - ffmpeg <unfixed> (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8281 CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8261 @@ -70339,11 +70342,13 @@ CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at NOTE: https://trac.ffmpeg.org/ticket/8241 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02 CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8275 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44 CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8243 @@ -70361,6 +70366,7 @@ CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae NOTE: https://trac.ffmpeg.org/ticket/8250 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b @@ -70372,11 +70378,13 @@ CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 i NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c NOTE: https://trac.ffmpeg.org/ticket/8242 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144 NOTE: https://trac.ffmpeg.org/ticket/8317 CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8 @@ -70388,21 +70396,25 @@ CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame1 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3 NOTE: https://trac.ffmpeg.org/ticket/8310 CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c NOTE: https://trac.ffmpeg.org/ticket/8244 CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba NOTE: https://trac.ffmpeg.org/ticket/8264 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...) + {DLA-2742-1} - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b NOTE: https://trac.ffmpeg.org/ticket/8240 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...) + {DLA-2742-1} - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8239 @@ -70423,11 +70435,13 @@ CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 NOTE: https://trac.ffmpeg.org/ticket/8309 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...) + {DLA-2742-1} - ffmpeg 7:4.2.2-1 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8183 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...) + {DLA-2742-1} - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) [buster] - ffmpeg <ignored> (Minor issue) NOTE: https://trac.ffmpeg.org/ticket/8190 @@ -72419,6 +72433,7 @@ CVE-2020-21043 CVE-2020-21042 RESERVED CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse ...) + {DLA-2742-1} [experimental] - ffmpeg 7:4.4-1 - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) [buster] - ffmpeg <postponed> (Wait for 4.1.7) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ee8df1d22780be0c9862fba845d2dfc8bc58258 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ee8df1d22780be0c9862fba845d2dfc8bc58258 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits