From c7b652eb1284ab1eef96bb553aa94ea2d2eb3384 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 3 Apr 2021 15:48:56 +0200 Subject: Add information for CVE-2020-24995/ffmpeg --- data/CVE/2020.list | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e3175743e7..88cd9ceb97 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -13955,7 +13955,14 @@ CVE-2020-24996 (There is an invalid memory access in the function TextString::~T - xpdf (xpdf in Debian uses poppler, which is fixed) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in aacde ...) - TODO: check + - ffmpeg + NOTE: https://trac.ffmpeg.org/ticket/8845 + NOTE: https://trac.ffmpeg.org/ticket/8859 + NOTE: https://trac.ffmpeg.org/ticket/8860 + NOTE: Support for 22.2 / channel_config 13 introduced in: + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f + TODO: check if issue introduced only when introducign support for Support for 22.2 / channel_config 13 CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...) - libass 1:0.15.0-1 [buster] - libass (Minor issue) -- cgit v1.2.3
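Review bot: The added TODO line under CVE-2020-24995 misspells "introducign" and repeats "support for Support for", so a later grep for the open question may miss it; suggest "TODO: check if issue introduced only when introducing support for 22.2 / channel_config 13". The two git.videolan.org NOTE lines use http:// while the three trac.ffmpeg.org NOTE lines use https://, so it would be more consistent to record the commit links over https as well. The "- ffmpeg" line as it appears here has no version or status after the package name, unlike the "- libass 1:0.15.0-1" entry below it. If the affected range is still unknown pending the TODO, it would help to say so explicitly on that line or in a NOTE.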