Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0cc056ba by Moritz Muehlenhoff at 2024-04-18T13:51:59+02:00
new ffmpeg issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -217,17 +217,35 @@ CVE-2024-32161 (jizhiCMS 2.5 suffers from a File upload
vulnerability.)
CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an
Off-by-one Er ...)
- TODO: check
+ [experimental] - ffmpeg 7:7.0-1
+ - ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
+ [buster] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: Fixed by
https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06
(n7.0)
+ NOTE: Introduced by
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
(n5.1)
CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a
use-after-fr ...)
TODO: check
CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer
overflow v ...)
- TODO: check
+ [experimental] - ffmpeg 7:7.0-1
+ - ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+ [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+ NOTE: Fixed by
https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2
(n7.0)
CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper
validation o ...)
- TODO: check
+ [experimental] - ffmpeg 7:7.0-1
+ - ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+ [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+ NOTE: Fixed by
https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196
CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer
overflow ...)
TODO: check
CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap
use-after-free ...)
- TODO: check
+ [experimental] - ffmpeg 7:7.0-1
+ - ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+ [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x)
+ NOTE: Fixed by
https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7
CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and
configured ...)
TODO: check
CVE-2024-31041 (Null Pointer Dereference vulnerability in topic_filtern
function in mq ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc056baf3e1754446afa5144ad328417e850041
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc056baf3e1754446afa5144ad328417e850041
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
