From 7fcc90913c9a5a520de7b741673d36891d782414 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 22 Sep 2021 17:46:09 +0200 Subject: remove entries for ffmpeg issues fixed in 4.1.7 --- data/CVE/list | 9 +-------- data/dsa-needed.txt | 2 ++ 2 files changed, 3 insertions(+), 8 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 488a08878b..a41bcd3d29 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -7819,7 +7819,6 @@ CVE-2021-38172 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...) - ffmpeg [bullseye] - ffmpeg (Wait for 4.3.3) - [buster] - ffmpeg (Wait for 4.1.7) [stretch] - ffmpeg (Wait to be fixed in buster first) NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 CVE-2021-38170 @@ -7960,7 +7959,6 @@ CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return va {DLA-2742-1} - ffmpeg [bullseye] - ffmpeg (Wait for 4.3.3) - [buster] - ffmpeg (Wait for 4.1.7) NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 CVE-2021-3687 RESERVED 
@@ -48613,13 +48611,12 @@ CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.ph CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds ...) {DLA-2537-1} - ffmpeg 7:4.3.1-6 (bug #979999) - [buster] - ffmpeg (Wait for 4.1.7) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 NOTE: https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b NOTE: https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3 CVE-2020-35964 (track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bo ...) - ffmpeg 7:4.3.1-6 (bug #980000) - [buster] - ffmpeg (Wait for 4.1.7) + [buster] - ffmpeg (Vulnerable code not present) [stretch] - ffmpeg (Vulnerable code introduced later) NOTE: https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622 @@ -77642,7 +77639,6 @@ CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...) - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) - [buster] - ffmpeg (Wait for 4.1.7) [stretch] - ffmpeg (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8246 NOTE: https://trac.ffmpeg.org/ticket/8241 @@ -77727,7 +77723,6 @@ CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_ma NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...) - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) - [buster] - ffmpeg (Wait for 4.1.7) [stretch] - ffmpeg (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8246 NOTE: https://trac.ffmpeg.org/ticket/8241 
@@ -77743,13 +77738,11 @@ CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...) {DLA-2742-1} - ffmpeg 7:4.2.2-1 - [buster] - ffmpeg (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8183 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...) {DLA-2742-1} - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) - [buster] - ffmpeg (Minor issue) NOTE: https://trac.ffmpeg.org/ticket/8190 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46 CVE-2020-22014 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 8146cb435b..2bde14f957 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -24,6 +24,8 @@ chromium -- djvulibre -- +ffmpeg/oldstable (jmm) +-- icu -- linux (carnil) -- cgit v1.2.3
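Review bot: In the first data/CVE/list hunk (CVE-2021-38171), the retained line `[stretch] - ffmpeg (Wait to be fixed in buster first)` depends on the buster entry that this patch drops. Once the buster update is out that reason no longer holds, so the stretch status should be revisited at that point, or the entry reworded now so it does not stay postponed on a stale condition.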
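Review bot: The CVE-2020-35964 change in the @@ -48613 hunk is a re-triage rather than a removal: `[buster] - ffmpeg (Wait for 4.1.7)` becomes `[buster] - ffmpeg (Vulnerable code not present)`, which the subject line "remove entries for ffmpeg issues fixed in 4.1.7" does not cover. Suggest mentioning it in the commit message or splitting it into its own commit, and adding a NOTE that records where the vulnerable code was introduced, since neither the new buster line nor the existing stretch line ("Vulnerable code introduced later") says.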
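Review bot: In the @@ -77743 hunk, the line removed under CVE-2020-22015 is `[buster] - ffmpeg (Minor issue)`, not a `Wait for 4.1.7` entry like the other removals in this patch. Worth confirming that 4.1.7 carries the fix referenced in that entry's NOTE lines before dropping the earlier triage decision, and saying so in the commit message so the change of status is traceable.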
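Review bot: The new `ffmpeg/oldstable (jmm)` entry in data/dsa-needed.txt does not say what the update will be, while the data/CVE/list hunks remove every `Wait for 4.1.7` marker that carried that information. Suggest a short indented note under the entry naming 4.1.7 as the target, so the plan stays visible in the tracker until the advisory is released.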