Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0cc056ba by Moritz Muehlenhoff at 2024-04-18T13:51:59+02:00 new ffmpeg issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -217,17 +217,35 @@ CVE-2024-32161 (jizhiCMS 2.5 suffers from a File upload vulnerability.) CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Er ...) - TODO: check + [experimental] - ffmpeg 7:7.0-1 + - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x) + [bullseye] - ffmpeg <not-affected> (Vulnerable code not present) + [buster] - ffmpeg <not-affected> (Vulnerable code not present) + NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0) + NOTE: Introduced by https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1) CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a use-after-fr ...) TODO: check CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer overflow v ...) - TODO: check + [experimental] - ffmpeg 7:7.0-1 + - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x) + [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) + NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2 (n7.0) CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper validation o ...) - TODO: check + [experimental] - ffmpeg 7:7.0-1 + - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x) + [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) + NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196 CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer overflow ...) TODO: check CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after-free ...) - TODO: check + [experimental] - ffmpeg 7:7.0-1 + - ffmpeg <unfixed> + [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x) + [bullseye] - ffmpeg <postponed> (Pick up when fixed in 4.3.x) + NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7 CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and configured ...) TODO: check CVE-2024-31041 (Null Pointer Dereference vulnerability in topic_filtern function in mq ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc056baf3e1754446afa5144ad328417e850041 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cc056baf3e1754446afa5144ad328417e850041 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits