add note on ffmpeg CVE duplicate

author: Moritz Muehlenhoff <jmm@debian.org> 2021-09-22 17:53:46 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-09-22 17:54:19 +0200
commit: 0cd0ffbd649f07a8101a9eef4beacb34b1fb0330 (patch)
tree: c4881a7b20981266b07827f40e61202996565d57 /data/CVE/list.2020
parent: 7fb6542567fbfb521304540cf75931c3652197d1 (diff)
1 files changed, 31 insertions, 29 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 1d10fc5d22..1026c165f8 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -21058,18 +21058,19 @@ CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
 CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://trac.ffmpeg.org/ticket/8261
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
+	NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to MITRE
 CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8262
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054
 CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8236
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
@@ -21082,49 +21083,49 @@ CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at
 CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://trac.ffmpeg.org/ticket/8275
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
 CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://trac.ffmpeg.org/ticket/8243
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
 CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8276
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
 CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
 	NOTE: https://trac.ffmpeg.org/ticket/8250
 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
 	NOTE: https://trac.ffmpeg.org/ticket/8274
 CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	[stretch] - ffmpeg <ignored> (Required change too invasive, original patch need to be completely rewritten)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
 	NOTE: https://trac.ffmpeg.org/ticket/8242
 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
 	NOTE: https://trac.ffmpeg.org/ticket/8317
 CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at  ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
 	NOTE: https://trac.ffmpeg.org/ticket/8260
 CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
@@ -21136,25 +21137,25 @@ CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame1
 CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
 	NOTE: https://trac.ffmpeg.org/ticket/8244
 CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
 	NOTE: https://trac.ffmpeg.org/ticket/8264
 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
 	NOTE: https://trac.ffmpeg.org/ticket/8240
 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://trac.ffmpeg.org/ticket/8239
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in  ...)
@@ -21167,7 +21168,7 @@ CVE-2020-22018
 	RESERVED
 CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: https://trac.ffmpeg.org/ticket/8309
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
@@ -21818,7 +21819,7 @@ CVE-2020-21698
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
 	- ffmpeg 7:4.4-5
 	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://trac.ffmpeg.org/ticket/8188
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
 CVE-2020-21696
@@ -21840,7 +21841,7 @@ CVE-2020-21689
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
 	- ffmpeg 7:4.4-5
 	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://trac.ffmpeg.org/ticket/8186
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
 CVE-2020-21687
@@ -23262,8 +23263,8 @@ CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_i
 	{DLA-2742-1}
 	[experimental] - ffmpeg 7:4.4-1
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
-	[stretch] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
+	[stretch] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://trac.ffmpeg.org/ticket/7989
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
 CVE-2020-21040
@@ -23552,19 +23553,20 @@ CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0c91fb0f0641f9f35f650281a176657907097cf (4.1.5)
 CVE-2020-20901 (Buffer Overflow vulnerability in function filter_frame in libavfilter/ ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=07050d7bdc32d82e53ee5bb727f5882323d00dba (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8264
 CVE-2020-20900 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/de598f82f8c3f8000e1948548e8088148e2b1f44 (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8275
 CVE-2020-20899 (Buffer Overflow vulnerability in function config_props in libavfilter/ ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606 (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8261
+	NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to MITRE
 CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...)
 	- ffmpeg 7:4.3-2
 	[buster] - ffmpeg <ignored> (Minor issue)
@@ -23572,27 +23574,27 @@ CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in l
 	NOTE: https://trac.ffmpeg.org/ticket/8263
 CVE-2020-20897 (Buffer Overflow vulnerability in function filter_slice in libavfilter/ ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0749082eb93ea02fa4b770da86597450cec84054 (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8262
 CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8273
 CVE-2020-20895 (Buffer Overflow vulnerability in function filter_vertically_##name in  ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f069a9c2a65bc20c3462127623127df6dfd06c5b (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8274
 CVE-2020-20894 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8 (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8260
 CVE-2020-20893 (Buffer Overflow vulnerability in function activate in libavfilter/af_a ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/e1b89c76f66343d1b495165664647317c66764bb (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8276
 CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
@@ -23602,7 +23604,7 @@ CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/
 	NOTE: https://trac.ffmpeg.org/ticket/8265
 CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8282
 CVE-2020-20890
author	Moritz Muehlenhoff <jmm@debian.org>	2021-09-22 17:53:46 +0200
committer	Moritz Muehlenhoff <jmm@debian.org>	2021-09-22 17:54:19 +0200
commit	0cd0ffbd649f07a8101a9eef4beacb34b1fb0330 (patch)
tree	c4881a7b20981266b07827f40e61202996565d57 /data/CVE/list.2020
parent	7fb6542567fbfb521304540cf75931c3652197d1 (diff)