author | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-02 17:12:13 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-02 17:12:13 +0200 |
commit | 633dad26f67ae670dbe2a21e51e34789a20fd0a9 (patch) | |
tree | 1c769a22c738f81b32575d47db81459673c8fe5d | |
parent | f5c3606c89e28b23137691d2a57602f8bdc29da8 (diff) |
Switch several git.videolan.org references to access via https
-rw-r--r-- | data/CVE/2008.list | 2 |
-rw-r--r-- | data/CVE/2010.list | 2 |
-rw-r--r-- | data/CVE/2011.list | 8 |
-rw-r--r-- | data/CVE/2012.list | 8 |
-rw-r--r-- | data/CVE/2013.list | 56 |
-rw-r--r-- | data/CVE/2014.list | 42 |
-rw-r--r-- | data/CVE/2015.list | 36 |
-rw-r--r-- | data/CVE/2016.list | 18 |
-rw-r--r-- | data/CVE/2017.list | 16 |
-rw-r--r-- | data/CVE/2018.list | 6 |
-rw-r--r-- | data/CVE/2019.list | 8 |
-rw-r--r-- | data/CVE/2020.list | 68 |
-rw-r--r-- | data/CVE/2021.list | 4 |
13 files changed, 137 insertions, 137 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index ec8c35cea0..bdb7d63b8c 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -12222,7 +12222,7 @@ CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 {DSA-1819-1 DTSA-132-1} - vlc 0.8.6.e-2.2 (low; bug #480724) NOTE: https://trac.videolan.org/vlc/ticket/1578 - NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181 + NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181 CVE-2008-6339 REJECTED CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and r ...) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index e4b41c6bb9..15b6a5e812 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -8252,7 +8252,7 @@ CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, a - mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245) [lenny] - mplayer 1.0~rc2-17+lenny3.2 - xine-lib <not-affected> (immune due to additional check in xio_rw_abbort()) - NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca + NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/ NOTE: DSA-2043 and DSA-2044 CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) ...) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 2dd7e8139d..e11f014252 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list 
@@ -1744,7 +1744,7 @@ CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in - libav 4:0.7.3-1 - ffmpeg 7:2.4.1-1 - ffmpeg-debian <end-of-life> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2 CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropria ...) {DSA-2362-1} - acpid 1:2.0.11-1 @@ -8403,14 +8403,14 @@ CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg be - libav 4:0.6-1 (bug #628448) - ffmpeg 7:2.4.1-1 - ffmpeg-debian <end-of-life> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPl ...) {DSA-2306-1} - libav 4:0.6-1 (bug #628448) - ffmpeg 7:2.4.1-1 - ffmpeg-debian <end-of-life> NOTE: duplicate of CVE-2011-0723 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6 CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type he ...) NOT-FOR-US: SmarterStats CVE-2011-2158 (The SmarterTools SmarterStats 6.0 web server sends incorrect Content-T ...) 
@@ -14093,7 +14093,7 @@ CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subt CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...) - vlc 1.1.3-1squeeze2 [lenny] - vlc <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab + NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph func ...) - pango1.0 1.28.3-1+squeeze1 (bug #610792) CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Dire ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 6cf038b3b7..51b67e796a 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list 
@@ -315,13 +315,13 @@ CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmp - libav 6:9.11-1 - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733 CVE-2012-6617 (The prepare_sdp_description function in ffserver.c in FFmpeg before 1. ...) - libav 6:9.11-1 [wheezy] - libav <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680) - ffmpeg <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=82b9799bb211ecd117171115e4a8b832c4942314 CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpe ...) - libav <not-affected> (Vulnerable code not present in libav) 
@@ -8344,7 +8344,7 @@ CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOM CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...) - vlc 2.0.2-1 (bug #680665) [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts) - NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e + NOTE: https://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e NOTE: http://securitytracker.com/id/1027224 CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...) - hadoop <itp> (bug #535861) @@ -9789,7 +9789,7 @@ CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg be ...) - ffmpeg <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne) - libav <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f NOTE: patch proposed: http://patches.libav.org/patch/32644/ CVE-2012-2773 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...) - ffmpeg 7:2.4.1-1 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 629128ad56..cec150b9c9 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -8112,7 +8112,7 @@ CVE-2013-4388 (Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4a {DSA-2973-1} - vlc 2.1.0-1 (bug #726528) [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts) - NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e + NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not prop ...) {DLA-0015-1} - linux-2.6 <removed> @@ -10098,7 +10098,7 @@ CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FF {DSA-3003-1} - ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg) - libav 6:10.4-1 - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812 CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg befo ...) - ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg) @@ -10108,7 +10108,7 @@ CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:10.4-1 - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94 CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...) - ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg) 
@@ -10118,7 +10118,7 @@ CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:10-1 [wheezy] - libav <not-affected> (Vulnerable code not present in 0.8) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652 NOTE: [Anton] not present in 0.8, 10 or master; possibly present in 9 CVE-2013-3669 RESERVED @@ -11033,7 +11033,7 @@ CVE-2013-3246 (Stack-based buffer overflow in xnview.exe in XnView before 2.03 a CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media P ...) - vlc 2.0.7-1 (unimportant) NOTE: Harmless crasher - NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9 + NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9 NOTE: http://secunia.com/blog/372/ NOTE: http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB ...) @@ -17630,7 +17630,7 @@ CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.6-1 (bug #717009) NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25 NOTE: Fix needed for ffmpeg 0.5 CVE-2013-0872 (The swr_init function in libswresample/swresample.c in FFmpeg before 1 ...) - ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5) 
@@ -17647,25 +17647,25 @@ CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1. [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.5-1 NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d NOTE: Fix needed in ffmpeg 0.5 CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...) {DSA-3003-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:10.3-1 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31 CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav <not-affected> (Code in libav is different/not affect as per libav h264 maintainer) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1 ...) 
{DSA-2793-1} - ffmpeg <not-affected> (Code in 0.5 is different/not affected) - libav 6:0.8.7-1 (bug #717009) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7 CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg befor ...) {DSA-2855-1} @@ -17685,14 +17685,14 @@ CVE-2013-0862 (Multiple integer overflows in the process_frame_obj function in l CVE-2013-0861 (The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg bef ...) - ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5) - libav <not-affected> (Affected code not present in libav 0.8.x) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343 NOTE: Affects the libav version in experimental CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpe ...) {DSA-3003-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:10.1-1 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8 CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg befor ...) - ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5) 
@@ -17702,14 +17702,14 @@ CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:9.9-1 (bug #717009) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a NOTE: Fixed in 0.8.9 CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1. ...) {DSA-2793-1} - ffmpeg <not-affected> (IFF PBM/ILBM bitmap decoder not present in 0.5 ffmpeg) - libav 6:9.9-1 (bug #717009) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9 NOTE: Fixed in 0.8.9 CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...) 
@@ -17717,37 +17717,37 @@ CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:9.10-1 [wheezy] - libav <not-affected> (Vulnerable code not present) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f CVE-2013-0855 (Integer overflow in the alac_decode_close function in libavcodec/alac. ...) - ffmpeg <not-affected> (0.5 series not affected) - libav 6:9.9-1 (bug #717009) [wheezy] - libav <not-affected> (0.8 series not affected) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...) {DSA-2793-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.8-1 (bug #717009) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8 CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg be ...) 
{DSA-2793-1} - ffmpeg <not-affected> (Vulnerability introduced later) - libav 6:0.8.8-1 (bug #717009) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg ...) {DSA-3003-1} - ffmpeg <not-affected> (PGS subtitle decoder not present) - libav 6:10.3-1 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061 CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 a ...) {DSA-3003-1} - ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5) - libav 6:10.3-1 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f9204ec56a4cf73843d1e5b8563d3584c2c05b47 (v10) NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e8ff7972064631afbdf240ec6bfd9dec30cf2ce8 (v9) NOTE: https://git.libav.org/?p=libav.git;a=commit;h=187cfd3c13a1deb47661486824a5b8f41e158a7a (v0.8) 
@@ -17756,39 +17756,39 @@ CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg b - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.7-1 (bug #717009) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8 CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg bef ...) {DSA-2855-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:9.3-1 (bug #717009) - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845 + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283 CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...) {DSA-3003-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:10.4-1 - NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba + NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1. ...) 
- ffmpeg <not-affected> (Affected code not present in ffmpeg 0.5) - libav <not-affected> (Code in libav is different, read_ttag) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952 CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in libavcode ...) {DSA-2855-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:9.3-1 (bug #717009) - NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed + NOTE: ffmpeg commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b NOTE: Needed for ffmpeg 0.5 CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...) {DSA-2855-1} - ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5) - libav 6:9.11-1 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16 NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890 NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72 NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890 
@@ -17797,7 +17797,7 @@ CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:9.10-1 - NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4 + NOTE: ffmpeg commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4 NOTE: libav commit: https://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e NOTE: Fixed in 0.8.9 CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome befor ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 5ef0fa04ef..dd1bf7f181 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -2430,12 +2430,12 @@ CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for - libav 6:11.3-1 (bug #775593) NOTE: Applies to 0.8, but in different file (utvideo.c) NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5. ...) - ffmpeg 7:2.5.1-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits a ...) - ffmpeg 7:2.5.1-1 [squeeze] - ffmpeg <not-affected> (Vulnerable code not present) 
@@ -3456,23 +3456,23 @@ CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FF - libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk) - ffmpeg 2.4.4-1 [squeeze] - ffmpeg <not-affected> (Vulnerable code not present) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...) - libav <not-affected> (Vulnerable code not present, format not supported) - ffmpeg 2.4.4-1 [squeeze] - ffmpeg <not-affected> (Vulnerable code not present) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...) {DLA-1611-1} - libav <removed> - ffmpeg 2.4.4-1 [squeeze] - ffmpeg <not-affected> (Vulnerable code not present) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8 CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg befor ...) - libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk) - ffmpeg 2.4.4-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844 CVE-2014-9315 RESERVED CVE-2014-9314 
@@ -5380,45 +5380,45 @@ CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the [squeeze] - ffmpeg <not-affected> (Vulnerable code not present) - libav 6:11.2-1 (bug #773626) [wheezy] - libav <not-affected> (Vulnerable code not present) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=cee4490b521fd0d02476d46aa2598af24fb8d686 CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows rem ...) {DSA-3189-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute i ...) {DSA-3189-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0b39ac6f54505a538c21fe49a626de94c518c903 CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allow ...) 
- ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5 CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-blac ...) - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav <not-affected> (Vulnerable code not present) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6 CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bi ...) {DSA-3189-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.3-1 (bug #773626) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186 CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all line ...) 
{DSA-3189-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28 CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID dur ...) {DLA-1654-1} @@ -5426,14 +5426,14 @@ CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec I [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) [wheezy] - libav <not-affected> (Vulnerable code not present) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=88626e5af8d006e67189bf10b96b982502a7e8ad CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...) - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) [wheezy] - libav <not-affected> (Vulnerable code not present) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550 CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 an ...) NOT-FOR-US: Simple Email 
@@ -7202,7 +7202,7 @@ CVE-2014-7937 (Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg be - libav <not-affected> (bug #785326; can't reproduce the issue) [jessie] - libav <not-affected> (Can't reproduce the issue) [wheezy] - libav <not-affected> (Can't reproduce the issue) - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057 CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close function in ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser <end-of-life> @@ -7223,7 +7223,7 @@ CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function i - ffmpeg 7:2.5.1-1 [squeeze] - ffmpeg <end-of-life> - libav 6:11.3-1 - NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 + NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in core/d ...) - chromium-browser 40.0.2214.91-1 
@@ -13348,13 +13348,13 @@ CVE-2014-5272 (libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2 - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770 NOTE: <lu_zero> Does not apply to Libav at all. CVE-2014-5271 (Heap-based buffer overflow in the encode_slice function in libavcodec/ ...) - ffmpeg <not-affected> (Vulnerable code not present) - libav 6:11-1 [wheezy] - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803 NOTE: new ffmpeg now in experimental, CVE fixed in 7:2.4-1 NOTE: https://git.libav.org/?p=libav.git;a=commitdiff;h=45ce880a9b3e50cfa088f111dffaf8685bd7bc6b CVE-2014-5262 (SQL injection vulnerability in the graph settings script (graph_settin ...) @@ -14990,7 +14990,7 @@ CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in CVE-2014-4610 (Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - NOTE: Fixed in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee + NOTE: Fixed in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee CVE-2014-4609 (Integer overflow in the get_len function in libavutil/lzo.c in Libav b ...) {DSA-2977-1} - libav 6:10.2-1 
@@ -21218,7 +21218,7 @@ CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka {DSA-3003-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad - libav 6:10.4-1 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257 CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9 ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index b7691d6841..a9dbffbb59 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -2715,7 +2715,7 @@ CVE-2015-8663 (The ff_get_buffer function in libavcodec/utils.c in FFmpeg before - ffmpeg 7:2.8.4-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf NOTE: For libav in jessie the patch needs to applied in libavcodec/decode.c in line 1884. CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg befor ...) {DLA-1611-1} 
@@ -2723,13 +2723,13 @@ CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> [wheezy] - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5 CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in FFmp ...) {DLA-1611-1} - ffmpeg 7:2.8.3-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5 CVE-2015-8658 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2015-8657 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...) @@ -3750,7 +3750,7 @@ CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg - ffmpeg 7:2.8.3-1 (bug #806519) [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892 NOTE: fix for the libav 11.9 branch: https://git.libav.org/?p=libav.git;a=commit;h=v11.9-5-g88762a0 NOTE: fix for the libav 0.8 branch: https://git.libav.org/?p=libav.git;a=commit;h=9fba59f471725e5235d5378e795ebf8b59472817 CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi. ...) 
@@ -3758,14 +3758,14 @@ CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in libavcodec - ffmpeg 7:2.8.3-1 (bug #806519) [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066 CVE-2015-8363 (The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...) {DLA-1611-1} - ffmpeg 7:2.8.3-1 (bug #806519) [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> [wheezy] - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2 CVE-2015-8362 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices b ...) NOT-FOR-US: Harman AMX CVE-2015-8361 (Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.1 ...) 
@@ -8067,44 +8067,44 @@ CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a CVE-2015-6825 (The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFm ...) {DLA-1611-1} - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> [wheezy] - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626 CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before 2 ...) {DLA-1611-2} - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111 CVE-2015-6823 (The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2. ...) {DLA-1611-2} - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6 CVE-2015-6822 (The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7 ...) 
{DLA-1611-2 DLA-1611-1} - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4 CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg be ...) {DLA-1611-1} - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1 CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7. ...) {DLA-1611-1} - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3 CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in l ...) - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) @@ -8114,7 +8114,7 @@ CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg b - ffmpeg 7:2.7.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91 NOTE: For libav in jessie, the patch needs to go into the decode_frame() function in libavcodec/pngdec.c CVE-2015-6814 RESERVED 
@@ -8439,7 +8439,7 @@ CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg thro NOTE: https://code.google.com/p/chromium/issues/detail?id=532967 NOTE: Starting with 44.0.2403.157-1 chromium uses the ffmpeg system copy NOTE: It looks like this relates to multithreaded decoding of VPx codecs, which is not implemented in the squeeze version. But I'm not sure as the second bug report is still private. - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c CVE-2015-6760 (The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGL ...) {DSA-3376-1} - chromium-browser 46.0.2490.71-1 @@ -21907,7 +21907,7 @@ CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmp [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <removed> [wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037 CVE-2015-1871 RESERVED CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-re ...) 
@@ -24063,12 +24063,12 @@ CVE-2015-1209 (Use-after-free vulnerability in the VisibleSelection::nonBoundary [squeeze] - chromium-browser <end-of-life> CVE-2015-1208 (Integer underflow in the mov_read_default function in libavformat/mov. ...) - ffmpeg 7:2.5.3-1 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0 CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chr ...) {DLA-1654-1} - ffmpeg 7:2.6.1-1 - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75 CVE-2015-1206 (Heap-based buffer overflow in Google Chrome before M40 allows remote a ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser <end-of-life> diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 8de27dbce6..2e7140c32e 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -14997,7 +14997,7 @@ CVE-2016-6165 RESERVED CVE-2016-6164 (Integer overflow in the mov_build_index function in libavformat/mov.c ...) - ffmpeg 7:3.1.1-1 - NOTE: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823 + NOTE: https://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823 CVE-2016-1000101 REJECTED CVE-2016-1000100 
@@ -26225,26 +26225,26 @@ CVE-2016-XXXX [Crash on bad SOAP request] CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ...) - ffmpeg 2.8.6-1 - libav <not-affected> (Libav not affected according to upstream) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777 CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate Ro ...) - ffmpeg 2.8.6-1 - libav <not-affected> (Vulnerable code not present in any Libav version) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...) - ffmpeg 2.8.6-1 - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718 CVE-2016-2327 (libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes i ...) 
- ffmpeg 2.8.5-1 - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971 CVE-2016-2326 (Integer overflow in the asf_write_packet function in libavformat/asfen ...) {DSA-3506-1} - ffmpeg 2.8.5-1 - libav <removed> - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2 CVE-2016-2325 RESERVED CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to execut ...) @@ -26596,7 +26596,7 @@ CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in - ffmpeg 7:2.8.6-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4 CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan 1. ...) - botan1.10 <not-affected> (Introduced in 1.11.10) NOTE: Introduced in 1.11.10, fixed in 1.11.27 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index ac7c7ee68a..629c43b416 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -6177,7 +6177,7 @@ CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to / CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote ...) {DSA-4049-1} - ffmpeg 7:3.4.1-1 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...) NOT-FOR-US: vagrant-vmware-fusion CVE-2017-16838 @@ -9163,7 +9163,7 @@ CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 a {DSA-4049-1 DLA-1630-1} - ffmpeg 7:3.4-1 - libav <removed> - NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 + NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...) [experimental] - glibc 2.26-0experimental0 - glibc 2.25-3 (low; bug #879500) @@ -23642,8 +23642,8 @@ CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x befo {DSA-4045-1} - vlc 2.2.6-3 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b - NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49 + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49 NOTE: https://trac.videolan.org/vlc/ticket/18467 CVE-2017-10698 RESERVED 
@@ -30492,22 +30492,22 @@ CVE-2017-8313 (Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 d {DSA-3899-1} - vlc 2.2.5-1 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c CVE-2017-8312 (Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...) {DSA-3899-1} - vlc 2.2.6-1~deb9u1 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa + NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa CVE-2017-8311 (Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...) {DSA-3899-1} - vlc 2.2.5-1 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6 + NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6 CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...) {DSA-3899-1} - vlc 2.2.5.1-1~deb9u1 [wheezy] - vlc <end-of-life> (Not supported in wheezy LTS) - NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328 + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328 CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows r ...) {DLA-1497-1 DLA-1071-1 DLA-1070-1} - qemu 1:2.8+dfsg-5 (bug #862280) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index c08ec304f1..17b732063c 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -25982,7 +25982,7 @@ CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c i - vlc 3.0.2-1 [stretch] - vlc 3.0.2-0+deb9u1 [jessie] - vlc <not-affected> (Only affects 3.x) - NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8 + NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8 NOTE: http://www.videolan.org/security/sa1801.html CVE-2018-11515 (The wpForo plugin through 2018-02-05 for WordPress has SQL Injection v ...) NOT-FOR-US: wpForo plugin for WordPress @@ -30162,7 +30162,7 @@ CVE-2018-10002 CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...) {DSA-4249-1} - ffmpeg 7:3.4.3-1 (low) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081 - libav <removed> [jessie] - libav <not-affected> (Vulnerable code not present) NOTE: Fixed in 3.2.11 @@ -30504,7 +30504,7 @@ CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg throu - ffmpeg 7:3.4.3-1 (low) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758 CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically pr ...) NOT-FOR-US: Open Whisper Signal app for iOS CVE-2018-9839 (An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 0df9446a5c..f3926718a1 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -12748,7 +12748,7 @@ CVE-2019-15943 (vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 NOT-FOR-US: Counter-Strike: Global Offensive CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...) - ffmpeg <not-affected> (Only affects 4.2) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71 CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an ...) {DSA-4533-1} - lemonldap-ng 2.0.6+ds-1 @@ -18158,7 +18158,7 @@ CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VL {DSA-4504-1} - vlc 3.0.8-1 (low) [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) - NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 + NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 NOTE: https://trac.videolan.org/vlc/ticket/22240 NOTE: https://www.videolan.org/security/sb-vlc308.html CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the ...) @@ -19899,7 +19899,7 @@ CVE-2019-13313 (libosinfo 1.5.0 allows local users to discover credentials by li CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based b ...) - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/7980 - NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4 + NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4 CVE-2019-13311 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...) {DSA-4712-1} - imagemagick 8:6.9.11.24+dfsg-1 (unimportant) 
@@ -21172,7 +21172,7 @@ CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demu {DSA-4459-1} - vlc 3.0.7-1 [jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html) - NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102 + NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102 CVE-2019-12873 RESERVED CVE-2019-12872 (dotCMS before 5.1.6 is vulnerable to a SQL injection that can be explo ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 7a3d849c4e..187f3a30f5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -14327,9 +14327,9 @@ CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in NOTE: https://trac.ffmpeg.org/ticket/8859 NOTE: https://trac.ffmpeg.org/ticket/8860 NOTE: Support for 22.2 / channel_config 13 introduced in: - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 - NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f - NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 + NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f + NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...) - libass 1:0.15.0-1 [buster] - libass <no-dsa> (Minor issue) 
@@ -16506,7 +16506,7 @@ CVE-2020-24020 (Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_lay [buster] - ffmpeg <not-affected> (Vulnerable code not present) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8718 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb CVE-2020-24019 RESERVED CVE-2020-24018 
@@ -20482,33 +20482,33 @@ CVE-2020-22045 CVE-2020-22044 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg 7:4.3-2 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8295 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1d479300cbe0522c233b7d51148aea2b29bd29ad + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1d479300cbe0522c233b7d51148aea2b29bd29ad NOTE: Negligible security impact CVE-2020-22043 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg 7:4.3-2 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8284 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590 NOTE: Negligible security impact CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg <unfixed> (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8267 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84 CVE-2020-22041 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg 7:4.3-2 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8296 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3488e0977c671568731afa12b811adce9d4d807f + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3488e0977c671568731afa12b811adce9d4d807f CVE-2020-22040 (A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memor ...) 
- ffmpeg 7:4.3-2 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8283 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1a0c584abc9709b1d11dbafef05d22e0937d7d19 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1a0c584abc9709b1d11dbafef05d22e0937d7d19 CVE-2020-22039 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg 7:4.3-2 (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8302 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3 CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg <unfixed> (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8285 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013 CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...) - ffmpeg <unfixed> (unimportant) NOTE: https://trac.ffmpeg.org/ticket/8281 
@@ -20516,114 +20516,114 @@ CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8261 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606 CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8262 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054 CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8236 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...) - ffmpeg <unfixed> [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8246 NOTE: https://trac.ffmpeg.org/ticket/8241 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02 CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...) 
- ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8275 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44 CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8243 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8 CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8276 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae NOTE: https://trac.ffmpeg.org/ticket/8250 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...) 
- ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b NOTE: https://trac.ffmpeg.org/ticket/8274 CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c NOTE: https://trac.ffmpeg.org/ticket/8242 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144 NOTE: https://trac.ffmpeg.org/ticket/8317 CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8 NOTE: https://trac.ffmpeg.org/ticket/8260 CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...) 
- ffmpeg 7:4.3-2 [buster] - ffmpeg <not-affected> (Introduced in 4.2) [stretch] - ffmpeg <not-affected> (Introduced in 4.2) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3 NOTE: https://trac.ffmpeg.org/ticket/8310 CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c NOTE: https://trac.ffmpeg.org/ticket/8244 CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba NOTE: https://trac.ffmpeg.org/ticket/8264 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...) - ffmpeg <unfixed> [buster] - ffmpeg <postponed> (Wait for 4.1.7) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b NOTE: https://trac.ffmpeg.org/ticket/8240 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...) 
- ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) [stretch] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8239 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...) - ffmpeg <unfixed> [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8246 NOTE: https://trac.ffmpeg.org/ticket/8241 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02 CVE-2020-22018 RESERVED CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...) - ffmpeg 7:4.3-2 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8309 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...) - ffmpeg 7:4.2.2-1 [buster] - ffmpeg <postponed> (Wait for 4.1.7) NOTE: https://trac.ffmpeg.org/ticket/8183 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...) 
- ffmpeg <unfixed> [buster] - ffmpeg <ignored> (Minor issue) [stretch] - ffmpeg <ignored> (Minor issue) NOTE: https://trac.ffmpeg.org/ticket/8190 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46 CVE-2020-22014 RESERVED CVE-2020-22013 @@ -37734,7 +37734,7 @@ CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_ [buster] - ffmpeg <not-affected> (Vulnerable code not present) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8716 - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14 CVE-2020-14211 RESERVED CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...) @@ -39772,7 +39772,7 @@ CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function - vlc 3.0.11-1 [jessie] - vlc <end-of-life> (Not supported in jessie LTS) NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 - NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 + NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...) NOT-FOR-US: Victor CMS CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 800459d08d..7ab1b31bb6 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -8321,11 +8321,11 @@ CVE-2021-30124 RESERVED CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec ...) - ffmpeg <not-affected> (Only affects 4.4 development branches) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f NOTE: https://trac.ffmpeg.org/ticket/8845 NOTE: https://trac.ffmpeg.org/ticket/8863 NOTE: CVE description is wrong, this landed in 4.4 only - NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 + NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 CVE-2021-30122 RESERVED CVE-2021-30121 |
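Review bot: In the data/CVE/2020.list hunk at -20516, CVE-2020-22033 and CVE-2020-22019 both carry the same fix reference (h=82ad1b76751bcfad5005440db48c46a4de5d6f02) and the same two tickets (8246 and 8241), and both stay `<unfixed>`. The scheme rewrite preserves that as it was, but since both lines are touched here it is worth confirming that the shared commit and ticket pair is intended for both CVEs and not a copy of one entry into the other. If it is intended, a short NOTE saying the two CVEs share a fix would save the next reader the same check.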
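Review bot: In the data/CVE/2020.list hunk at -39772, the CVE-2020-13428 reference uses `a=commit` while every ffmpeg reference rewritten in this file uses `a=commitdiff`. That difference predates this change and the rewrite is right to leave it alone, but if the list is meant to link to the diff view consistently, normalizing it belongs in a separate follow-up so this commit stays a pure scheme switch.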
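Review bot: In the data/CVE/2021.list hunk, the last changed line of CVE-2021-30123 has the URL mid-line ("NOTE: Introduced in http://git.videolan.org/..."), which a replacement keyed on `NOTE: http://git.videolan.org` would miss. It was caught here, but the subject says "several" references, so it is not clear from the commit whether the conversion is complete. Suggest stating that in the commit message, or following up with a search for any remaining `http://git.videolan.org` under data/CVE that is not anchored to the start of the NOTE text.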