Bug#989439: marked as done (CVE-2020-22033 CVE-2020-22021 CVE-2020-22019 CVE-2020-22015 CVE-2020-21041)



Your message dated Fri, 04 Jun 2021 21:03:30 +0000
with message-id <E1lpGyY-000AKr-Qz@fasolo.debian.org>
and subject line Bug#989439: fixed in ffmpeg 7:4.3.2-0+deb11u2
has caused the Debian Bug report #989439,
regarding CVE-2020-22033 CVE-2020-22021 CVE-2020-22019 CVE-2020-22015 CVE-2020-21041
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
989439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989439
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ffmpeg
Version: 7:4.3.2-0+deb11u1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

A few security issues:

CVE-2020-22033:
https://trac.ffmpeg.org/ticket/8246
https://trac.ffmpeg.org/ticket/8241
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02

CVE-2020-22021:
https://trac.ffmpeg.org/ticket/8240
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b

CVE-2020-22019:
https://trac.ffmpeg.org/ticket/8246
https://trac.ffmpeg.org/ticket/8241
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02

CVE-2020-22015:
https://trac.ffmpeg.org/ticket/8190
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46

CVE-2020-21041:
https://trac.ffmpeg.org/ticket/7989
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba

Cheers,
	 Moritz

--- End Message ---
--- Begin Message ---
Source: ffmpeg
Source-Version: 7:4.3.2-0+deb11u2
Done: Sebastian Ramacher <sramacher@debian.org>

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 989439@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 04 Jun 2021 22:34:50 +0200
Source: ffmpeg
Architecture: source
Version: 7:4.3.2-0+deb11u2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 989439
Changes:
 ffmpeg (7:4.3.2-0+deb11u2) unstable; urgency=medium
 .
   * debian/patches: Apply upstream patches for CVEs (Closes: #989439)
     - avfilter/vf_vmafmotion: Fix out-of-bounds access (CVE-2020-22019, CVE-2020-22033)
     - avfilter/vf_yadif: Fix out-of-bounds access (CVE-2020-22021)
     - avformat/movenc: Fix out-of-bounds access (CVE-2020-22015)
     - avcodec/pngen: Fix buffer overflow (CVE-2020-21041)
Checksums-Sha1:
 065ee6b84118faea04996e867a46f77dc0fe366e 5439 ffmpeg_4.3.2-0+deb11u2.dsc
 5d9b0a4ea65c82442c9664c328b6dd06b03b903b 91068 ffmpeg_4.3.2-0+deb11u2.debian.tar.xz
Checksums-Sha256:
 415978dd907ad89c18b197c3aaa478ab69f334e5cf5a70aaf4080d84e23dbcd1 5439 ffmpeg_4.3.2-0+deb11u2.dsc
 ce481ac4c427a2ca6dc03bdb9bbcf38c1a178d649dc5352a804b70cea8aaad67 91068 ffmpeg_4.3.2-0+deb11u2.debian.tar.xz
Files:
 b4f368280f6fa7667bdd30f7cb564871 5439 video optional ffmpeg_4.3.2-0+deb11u2.dsc
 28f31c44a223b3421209fca2aa8e2a52 91068 video optional ffmpeg_4.3.2-0+deb11u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---