From 401821e558bf43a919d0c6fd60197f9ce6921ede Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 7 Jul 2020 20:08:23 +0200
Subject: ffmpeg updates

---
 data/CVE/list | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'data')

diff --git a/data/CVE/list b/data/CVE/list
index aae4d22284..5ae9bdd9bb 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3248,7 +3248,10 @@ CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should
 	- zammad <itp> (bug #841355)
 CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...)
 	- ffmpeg <unfixed>
+	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
+	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8716
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
 CVE-2020-14211
 	RESERVED
 CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected  ...)
@@ -45142,7 +45145,6 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32
 CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
 	{DLA-2021-1}
 	- ffmpeg 7:4.2.1-1
-	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	- libav <removed>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
@@ -45170,7 +45172,6 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
 CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
 	- ffmpeg 7:4.2.1-1 (low)
-	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	- libav <removed> (low)
 	[jessie] - libav <not-affected> (Vulnerable code introduced in v12.x)
@@ -59007,7 +59008,6 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier
 	NOTE: which seems to be the actual patch for this issue.
 CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...)
 	- ffmpeg 7:4.2.1-1 (low; bug #932535)
-	[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	NOTE: https://trac.ffmpeg.org/ticket/7979
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
-- 
cgit v1.2.3