Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9d91d5b6 by Anton Gladky at 2021-08-14T18:33:35+02:00 Reserve DLA-2742-1 for ffmpeg - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[14 Aug 2021] DLA-2742-1 ffmpeg - security update + {CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22028 CVE-2020-22031 CVE-2020-22032 CVE-2020-22036 CVE-2021-3566 CVE-2021-38114} + [stretch] - ffmpeg 7:3.2.15-0+deb9u3 [12 Aug 2021] DLA-2741-1 commons-io - security update {CVE-2021-29425} [stretch] - commons-io 2.5-1+deb9u1 ===================================== data/dla-needed.txt ===================================== @@ -24,19 +24,6 @@ ansible exiv2 (Utkarsh Gupta) NOTE: 20210801: check further; some no-dsa issues have piled up, too. (utkarsh) -- -ffmpeg (Anton Gladky) - NOTE: 20210607: stretch was following the 3.2.x release line, but 3.2.15 - NOTE: 20210607: (released 2020-07-02) was the last on this branch. There are - NOTE: 20210607: now 10+ ~new CVEs that nominally apply to the version in LTS, - NOTE: 20210607: so some investigation and insight is required to see which - NOTE: 20210607: apply and/or what we do with the version of ffmpeg in LTS - NOTE: 20210607: going forward. There is a 3.4.x release branch, for example, - NOTE: 20210607: but unclear on the compatibility as well as whether this one - NOTE: 20210607: won't just be dropped too, etc. etc. (lamby) - NOTE: 20210719: https://salsa.debian.org/lts-team/packages/ffmpeg/-/blob/master/debian/changelog - NOTE: 20210719: CVE-2020-22036 and CVE-2020-22032 are done. Many false-positive. Investigating. - NOTE: 20210730: CVE-2020-22031 and CVE-2020-22028 are done. Checking rest of patches. Try to reproduce --- firmware-nonfree (Anton Gladky) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d91d5b67ccdcd69d688c4c9579afe1bcc67970f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d91d5b67ccdcd69d688c4c9579afe1bcc67970f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits