remove entries for ffmpeg issues fixed in 4.1.7

2 files changed, 3 insertions, 8 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 488a08878b..a41bcd3d29 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7819,7 +7819,6 @@ CVE-2021-38172
 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not  ...)
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	[stretch] - ffmpeg <postponed> (Wait to be fixed in buster first)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
 CVE-2021-38170
@@ -7960,7 +7959,6 @@ CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return va
 	{DLA-2742-1}
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
 CVE-2021-3687
 	RESERVED
@@ -48613,13 +48611,12 @@ CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.ph
 CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds  ...)
 	{DLA-2537-1}
 	- ffmpeg 7:4.3.1-6 (bug #979999)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3
 CVE-2020-35964 (track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bo ...)
 	- ffmpeg 7:4.3.1-6 (bug #980000)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622
@@ -77642,7 +77639,6 @@ CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
 CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...)
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8246
 	NOTE: https://trac.ffmpeg.org/ticket/8241
@@ -77727,7 +77723,6 @@ CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_ma
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in  ...)
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8246
 	NOTE: https://trac.ffmpeg.org/ticket/8241
@@ -77743,13 +77738,11 @@ CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2
 CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.2.2-1
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://trac.ffmpeg.org/ticket/8183
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[buster] - ffmpeg <ignored> (Minor issue)
 	NOTE: https://trac.ffmpeg.org/ticket/8190
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
 CVE-2020-22014
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 8146cb435b..2bde14f957 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -24,6 +24,8 @@ chromium
 --
 djvulibre
 --
+ffmpeg/oldstable (jmm)
+--
 icu
 --
 linux (carnil)