diff options
| author | Chris Lamb <lamby@debian.org> | 2021-11-16 07:48:55 -0800 |
|---|---|---|
| committer | Chris Lamb <lamby@debian.org> | 2021-11-16 07:48:55 -0800 |
| commit | 2febac0ea1a8001503d49349f57ce081e3008c8b (patch) | |
| tree | e550af9ab457f9db65e32ddfe4c983025fe38c49 | |
| parent | 286369ee674276e0fd3de085ee5a096ca21af9c1 (diff) | |
Triage CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-21688, CVE-2020-21697 & CVE-2020-20902 in ffmpeg for stretch LTS.
| -rw-r--r-- | data/CVE/2020.list | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 20d8e65506..d89fd5c289 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -21993,6 +21993,7 @@ CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in l {DSA-4998-1} - ffmpeg 7:4.4-5 [buster] - ffmpeg <postponed> (Wait for 4.1.9) + [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update) NOTE: https://trac.ffmpeg.org/ticket/8188 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6 CVE-2020-21696 @@ -22015,6 +22016,7 @@ CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem. {DSA-4998-1} - ffmpeg 7:4.4-5 [buster] - ffmpeg <postponed> (Wait for 4.1.9) + [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update) NOTE: https://trac.ffmpeg.org/ticket/8186 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 CVE-2020-21687 @@ -23752,6 +23754,7 @@ CVE-2020-20903 CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...) {DSA-4722-1} - ffmpeg 7:4.2.2-1 + [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update) NOTE: https://trac.ffmpeg.org/ticket/8176 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd (4.3) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22 (4.3) @@ -23774,6 +23777,7 @@ CVE-2020-20897 CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.9) + [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3) NOTE: https://trac.ffmpeg.org/ticket/8273 CVE-2020-20895 @@ -23785,11 +23789,13 @@ CVE-2020-20893 CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <ignored> (Minor issue) + [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3) NOTE: https://trac.ffmpeg.org/ticket/8265 CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.9) + [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3) NOTE: https://trac.ffmpeg.org/ticket/8282 CVE-2020-20890 |