diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2021-09-22 17:53:46 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-09-22 17:54:19 +0200 |
commit | 0cd0ffbd649f07a8101a9eef4beacb34b1fb0330 (patch) | |
tree | c4881a7b20981266b07827f40e61202996565d57 /data/CVE/list.2020 | |
parent | 7fb6542567fbfb521304540cf75931c3652197d1 (diff) |
add note on ffmpeg CVE duplicate
Diffstat (limited to 'data/CVE/list.2020')
-rw-r--r-- | data/CVE/list.2020 | 60 |
1 files changed, 31 insertions, 29 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 1d10fc5d22..1026c165f8 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -21058,18 +21058,19 @@ CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://trac.ffmpeg.org/ticket/8261 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606 + NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to MITRE CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8262 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054 CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8236 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac @@ -21082,49 +21083,49 @@ CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://trac.ffmpeg.org/ticket/8275 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44 CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://trac.ffmpeg.org/ticket/8243 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8 CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8276 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae NOTE: https://trac.ffmpeg.org/ticket/8250 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b NOTE: https://trac.ffmpeg.org/ticket/8274 CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) [stretch] - ffmpeg <ignored> (Required change too invasive, original patch need to be completely rewritten) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c NOTE: https://trac.ffmpeg.org/ticket/8242 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144 NOTE: https://trac.ffmpeg.org/ticket/8317 CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8 NOTE: https://trac.ffmpeg.org/ticket/8260 CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...) @@ -21136,25 +21137,25 @@ CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame1 CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c NOTE: https://trac.ffmpeg.org/ticket/8244 CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba NOTE: https://trac.ffmpeg.org/ticket/8264 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...) {DLA-2742-1} - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b NOTE: https://trac.ffmpeg.org/ticket/8240 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...) {DLA-2742-1} - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://trac.ffmpeg.org/ticket/8239 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...) @@ -21167,7 +21168,7 @@ CVE-2020-22018 RESERVED CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8309 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d @@ -21818,7 +21819,7 @@ CVE-2020-21698 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...) - ffmpeg 7:4.4-5 [bullseye] - ffmpeg <postponed> (Wait for 4.3.3) - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://trac.ffmpeg.org/ticket/8188 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6 CVE-2020-21696 @@ -21840,7 +21841,7 @@ CVE-2020-21689 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...) - ffmpeg 7:4.4-5 [bullseye] - ffmpeg <postponed> (Wait for 4.3.3) - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://trac.ffmpeg.org/ticket/8186 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 CVE-2020-21687 @@ -23262,8 +23263,8 @@ CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_i {DLA-2742-1} [experimental] - ffmpeg 7:4.4-1 - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) - [buster] - ffmpeg <postponed> (Wait for 4.1.7) - [stretch] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) + [stretch] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://trac.ffmpeg.org/ticket/7989 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba CVE-2020-21040 @@ -23552,19 +23553,20 @@ CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0c91fb0f0641f9f35f650281a176657907097cf (4.1.5) CVE-2020-20901 (Buffer Overflow vulnerability in function filter_frame in libavfilter/ ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=07050d7bdc32d82e53ee5bb727f5882323d00dba (4.3) NOTE: https://trac.ffmpeg.org/ticket/8264 CVE-2020-20900 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/de598f82f8c3f8000e1948548e8088148e2b1f44 (4.3) NOTE: https://trac.ffmpeg.org/ticket/8275 CVE-2020-20899 (Buffer Overflow vulnerability in function config_props in libavfilter/ ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606 (4.3) NOTE: https://trac.ffmpeg.org/ticket/8261 + NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to MITRE CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <ignored> (Minor issue) @@ -23572,27 +23574,27 @@ CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in l NOTE: https://trac.ffmpeg.org/ticket/8263 CVE-2020-20897 (Buffer Overflow vulnerability in function filter_slice in libavfilter/ ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0749082eb93ea02fa4b770da86597450cec84054 (4.3) NOTE: https://trac.ffmpeg.org/ticket/8262 CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3) NOTE: https://trac.ffmpeg.org/ticket/8273 CVE-2020-20895 (Buffer Overflow vulnerability in function filter_vertically_##name in ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f069a9c2a65bc20c3462127623127df6dfd06c5b (4.3) NOTE: https://trac.ffmpeg.org/ticket/8274 CVE-2020-20894 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8 (4.3) NOTE: https://trac.ffmpeg.org/ticket/8260 CVE-2020-20893 (Buffer Overflow vulnerability in function activate in libavfilter/af_a ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/e1b89c76f66343d1b495165664647317c66764bb (4.3) NOTE: https://trac.ffmpeg.org/ticket/8276 CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...) @@ -23602,7 +23604,7 @@ CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/ NOTE: https://trac.ffmpeg.org/ticket/8265 CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...) - ffmpeg 7:4.3-2 - [buster] - ffmpeg <postponed> (Wait for 4.1.7) + [buster] - ffmpeg <postponed> (Wait for 4.1.8) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3) NOTE: https://trac.ffmpeg.org/ticket/8282 CVE-2020-20890 |