[FFmpeg-cvslog] [ffmpeg-web] branch master updated. c1acb1b web/security: Add more missing CVE#s
ffmpeg-git at ffmpeg.org
ffmpeg-git at ffmpeg.org
Thu Nov 24 22:40:03 EET 2022
The branch, master has been updated
via c1acb1b9bd2551a147fd422e96ed456da810aef3 (commit)
from a4b40b1f993070377e98759e6db0a4d08a9649c5 (commit)
- Log -----------------------------------------------------------------
commit c1acb1b9bd2551a147fd422e96ed456da810aef3
Author: Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Thu Nov 24 21:38:51 2022 +0100
Commit: Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Thu Nov 24 21:38:51 2022 +0100
web/security: Add more missing CVE#s
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
diff --git a/src/security b/src/security
index 270c455..aae87ee 100644
--- a/src/security
+++ b/src/security
@@ -572,6 +572,17 @@ CVE-2020-22046, 02fd294a333baaa55501eb0a26b86c99a80e4569 / 097c917c147661f5378da
CVE-2020-22048, ee981f7ceb2c20dbfc5a2f5f27b0c44032eac798 / fddef964e8aa4a2c123e470db1436a082ff6bcf3, ticket/8303
</pre>
+<h3>3.4.10</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-20891, b239ccff7db0d418a74adcebfb1f2304f9a2f1f0 / 64a805883d7223c868a683f0030837d859edd2ab, ticket/8282
+CVE-2020-20892, 32a384519a57ad850789636c4c686091a53ce217 / 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01, ticket/8265
+CVE-2020-20896, b8197738d27f21583d9f83d7fa8c978d3a47af85 / dd01947397b98e94c3f2a79d5820aaf4594f4d3b, ticket/8273
+CVE-2020-20902, 04240e1d09e67c6e92189a96aeab96ef7428d942 / 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22, ticket/8176
+</pre>
+
<h3>3.4.9</h3>
<p>
Fixes following vulnerabilities:
@@ -587,6 +598,7 @@ CVE-2020-35965, 00115573e3030eff57847e1045ec18f0da5adb5c / 3e5959b3457f7f1856d99
CVE-2021-38114, e61b25e2557394e640a5aae901473785a4b23db5 / 7150f9575671f898382c370acae35f9087a30ba1
CVE-2021-38171, bc9e0b6cd2839acbac8da3232d715eb66857e453 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
CVE-2021-38291, a4a3fd814aac900175ec4a2811cb5bf98c1ddad3 / e01d306c647b5827102260b885faa223b646d2d1, ticket/9312
+CVE-2020-23906, d46b698478f11ab85135b3cf0a7944c4dd62e37c / ec59dc73f0cc8930bf5dae389cd76d049d537ca7, ticket/8782
</pre>
<h3>3.4.8</h3>
@@ -607,6 +619,10 @@ CVE-2019-12730, 59ac4182583e4791a7f98b79099916fd96beedfd / ed188f6dcdf0935c939ed
CVE-2019-13390, cfa7c079f72b65bfe038af84d95d384a609d4f0a / aef24efb0c1e65097ab77a4bf9264189bdf3ace3
CVE-2019-17542, 4aaf644892843e3c68f4761725ab9435745f015c / 02f909dc24b1f05cfbba75077c7707b905e63cd2
CVE-2019-17539, c3b7afa4e917d748f0c3f8237b04ebdd99bdcacb / 8df6884832ec413cf032dfaa45c23b1c7876670c
+CVE-2020-20448, 0c9ad1c746e3a8ccb7c6f292e10c8017c0a9dc3b / 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990
+CVE-2020-20448, e0d167051e93bad55a4c009399de1545aa07eeb5 / 55279d699fa64d8eb1185d8db04ab4ed92e8dea2, ticket/7990
+CVE-2020-20902, 4b4c26ca09b525168339df8697eb7f6bfe20345f / 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad, ticket/8176
+CVE-2020-20902, f628f38f6e43c140167005593b447c47fd731a44 / 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd, ticket/8176
</pre>
<h3>3.4.6</h3>
@@ -805,24 +821,6 @@ CVE-2017-7866, e371f031b942d73e02c090170975561fabd5c264
<h2>FFmpeg 3.2</h2>
-<h3>3.2.18</h3>
-<p>
-Fixes following vulnerabilities:
-</p>
-<pre>
-CVE-2020-20451, 0c949b6ebfcee1b23a5fe33a3bc8af167956ea1e / 21265f42ecb265debe9fec1dbfd0cb7de5a8aefb, ticket/8094
-CVE-2020-21041, 3d350ec7281cd0d357231fc2c99f44ebe425d586 / 5d9f44da460f781a1604d537d0555b78e29438ba, ticket/7989
-CVE-2020-22016, 02161c6ed194ddfa00fd2af7684a8099852bc3ce / 58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145, ticket/8183
-CVE-2020-22020, 93ad1e4a9f17ac5145c2957bb270a454c8a0cefd / ce5274c1385d55892a692998923802023526b765, ticket/8239
-CVE-2020-22022, ea5d154845dfc1c6e550d197d7da79aee87c9f66 / 07050d7bdc32d82e53ee5bb727f5882323d00dba, ticket/8264
-CVE-2020-22025, ff73a50456b93e8d555603c093a3ebd193d0b097 / ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8, ticket/8260
-CVE-2020-22031, 1a4d18820d551bedcfa03b7e8ca72df87d4b5cfa / 0e68e8c93f9068596484ec8ba725586860e06fc8, ticket/8243
-CVE-2020-22032, a19796a15ee0ab82e2b70d253d328111e9f916e0 / de598f82f8c3f8000e1948548e8088148e2b1f44, ticket/8275
-CVE-2020-22041, 4f566654e744c7810f4afdd91fe00fdd1ef46646 / 3488e0977c671568731afa12b811adce9d4d807f, ticket/8296
-CVE-2020-22044, 40dfd623632ed22bf3c98465ae3e68fcb1f31200 / 1d479300cbe0522c233b7d51148aea2b29bd29ad, ticket/8295
-CVE-2020-22046, 1a541dc0c5e1279251c9ed4cd416005fcca6e748 / 097c917c147661f5378dae8fe3f7e46f43236426, ticket/8294
-</pre>
-
<h3>3.2.18</h3>
<p>
Fixes following vulnerabilities:
@@ -846,14 +844,29 @@ CVE-2020-22046, bbc9751da67286d27f379dbe3b52ee3b55b0503e / 097c917c147661f5378da
CVE-2020-22048, 64d2e0b20066058cf1c6dc3c49adab6d18d66fcc / fddef964e8aa4a2c123e470db1436a082ff6bcf3, ticket/8303
</pre>
+<h3>3.2.17</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-20891, f8b4426c10aa65f4c04847a50ebfdcb8782a49b7 / 64a805883d7223c868a683f0030837d859edd2ab, ticket/8282
+CVE-2020-20892, 94e502e96b0870177e0af4c1e8718ac71475e374 / 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01, ticket/8265
+CVE-2020-20902, abf9627f70ed8467b1646d56205e61f965f11468 / 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22, ticket/8176
+</pre>
+
<h3>3.2.16</h3>
<p>
Fixes following vulnerabilities:
</p>
<pre>
CVE-2019-17539, cb456b8fb00e04bedf117cb4b72c87a9c3db5145 / 8df6884832ec413cf032dfaa45c23b1c7876670c
+CVE-2020-20446, f5d0848098c7877905a841b796c4e0a0de28620c / 223b5e8ac9f6461bb13ed365419ec485c5b2b002, ticket/7995
+CVE-2020-20453, d6737266a9690975d0e1589295419c6781a4e7ac / a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8, ticket/8003
CVE-2020-22037, 492318cb65967ff220ad84d2034f78c24fbdda54 / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-23906, eeb4dd786605487dc880fb2f2e9480ac0eafb06f / ec59dc73f0cc8930bf5dae389cd76d049d537ca7, ticket/8782
CVE-2020-35965, 30102ee94e7d37d0feb11351ee8b70c3f714af66 / 3e5959b3457f7f1856d997261e6ac672bba49e8b
+CVE-2020-22021, a7c3cfd8ea15bee839da7fb21e41f58b8fb0db9f / 7971f62120a55c141ec437aa3f0bacc1c1a3526b, ticket/8240
+CVE-2020-22015, ef75363a438b1212abeb8b3cf8d4ec451dfb199b / 4c1afa292520329eecd1cc7631bc59a8cca95c46, ticket/8190
CVE-2021-38114, eeda5a1bd42320d227e52d8b05b37986d143cce3 / 7150f9575671f898382c370acae35f9087a30ba1
CVE-2021-38171, 8028e18988445e13102d6f65b6f19b6805735698 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
CVE-2021-38291, 94551f3197a8570b13830f636c68f3507cd0bb7b / e01d306c647b5827102260b885faa223b646d2d1, ticket/9312
@@ -868,11 +881,9 @@ CVE-2019-13390, 9b236547f480a012cab32f8cad2dfe02774537c1 / aef24efb0c1e65097ab77
CVE-2019-17542, 039c13f109a46f8f65adfb65cafa8bdb7123a2a7 / 02f909dc24b1f05cfbba75077c7707b905e63cd2
CVE-2020-13904, 8a2ef6d25dc79d472ea7b184c3b95b4658c99838 / b5e39880fb7269b1b3577cee288e06aa3dc1dfa2
CVE-2020-13904, f80106e256e051082e507496cdaed564adbd4da9 / 9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
-CVE-2020-20446, f5d0848098c7877905a841b796c4e0a0de28620c / 223b5e8ac9f6461bb13ed365419ec485c5b2b002, ticket/7995
CVE-2020-20448, e0983daf05d6c2f53a850619461e74a7392d9bd8 / 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990
-CVE-2020-20453, d6737266a9690975d0e1589295419c6781a4e7ac / a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8, ticket/8003
-CVE-2020-22015, ef75363a438b1212abeb8b3cf8d4ec451dfb199b / 4c1afa292520329eecd1cc7631bc59a8cca95c46, ticket/8190
-CVE-2020-22021, a7c3cfd8ea15bee839da7fb21e41f58b8fb0db9f / 7971f62120a55c141ec437aa3f0bacc1c1a3526b, ticket/8240
+CVE-2020-20902, 1cff89a11fa051696109565b3bf88c94479374eb / 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd, ticket/8176
+CVE-2020-20902, f884af457321c49a759942f2cded910ee280cb67 / 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad, ticket/8176
</pre>
<h3>3.2.14</h3>
@@ -1297,6 +1308,32 @@ CVE-2016-7122, 1d90326f95a791db515f69a01a5f6ef867896d15 / e4e4a9cad7f21593d4bcb1
<h2>FFmpeg 2.8</h2>
+<h3>2.8.20</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-20451, 0c949b6ebfcee1b23a5fe33a3bc8af167956ea1e / 21265f42ecb265debe9fec1dbfd0cb7de5a8aefb, ticket/8094
+CVE-2020-21041, 3d350ec7281cd0d357231fc2c99f44ebe425d586 / 5d9f44da460f781a1604d537d0555b78e29438ba, ticket/7989
+CVE-2020-22016, 02161c6ed194ddfa00fd2af7684a8099852bc3ce / 58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145, ticket/8183
+CVE-2020-22020, 93ad1e4a9f17ac5145c2957bb270a454c8a0cefd / ce5274c1385d55892a692998923802023526b765, ticket/8239
+CVE-2020-22022, ea5d154845dfc1c6e550d197d7da79aee87c9f66 / 07050d7bdc32d82e53ee5bb727f5882323d00dba, ticket/8264
+CVE-2020-22025, ff73a50456b93e8d555603c093a3ebd193d0b097 / ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8, ticket/8260
+CVE-2020-22031, 1a4d18820d551bedcfa03b7e8ca72df87d4b5cfa / 0e68e8c93f9068596484ec8ba725586860e06fc8, ticket/8243
+CVE-2020-22032, a19796a15ee0ab82e2b70d253d328111e9f916e0 / de598f82f8c3f8000e1948548e8088148e2b1f44, ticket/8275
+CVE-2020-22041, 4f566654e744c7810f4afdd91fe00fdd1ef46646 / 3488e0977c671568731afa12b811adce9d4d807f, ticket/8296
+CVE-2020-22044, 40dfd623632ed22bf3c98465ae3e68fcb1f31200 / 1d479300cbe0522c233b7d51148aea2b29bd29ad, ticket/8295
+CVE-2020-22046, 1a541dc0c5e1279251c9ed4cd416005fcca6e748 / 097c917c147661f5378dae8fe3f7e46f43236426, ticket/8294
+</pre>
+
+<h3>2.8.19</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-20902, db26d829edf83b8cb730d50831770c508fc6436f / 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22, ticket/8176
+</pre>
+
<h3>2.8.18</h3>
<p>
Fixes following vulnerabilities:
@@ -1305,6 +1342,7 @@ Fixes following vulnerabilities:
CVE-2020-20446, 287323027e0de523b12dca823c6cd5feef6569f7 / 223b5e8ac9f6461bb13ed365419ec485c5b2b002, ticket/7995
CVE-2020-22021, bc5dde5ec0ba79860e566a44439ac72ae4a827f1 / 7971f62120a55c141ec437aa3f0bacc1c1a3526b, ticket/8240
CVE-2020-22037, 9e84c17a43d84f4ba8e282f448dea04882b229cf / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-23906, a719482c8e51afbd490ec28cadf7fe01dc96e1de / ec59dc73f0cc8930bf5dae389cd76d049d537ca7, ticket/8782
CVE-2020-35965, 4371d51f1bdc92c4d2b159237b2d9c0a679151bb / 3e5959b3457f7f1856d997261e6ac672bba49e8b
CVE-2021-38114, c7b205dedd05a4983ab3ce557fdb06aa886127c9 / 7150f9575671f898382c370acae35f9087a30ba1
CVE-2021-38171, a5f40432b4deeae9b371e5a2d4395343ffcfa359 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
@@ -1329,6 +1367,8 @@ CVE-2019-11338, 4bc3382780541ac0ccbb27bcb0a92c3887495040 / 54655623a82632e762471
CVE-2019-12730, ef7bef2ba4c2f13bf89a28ff02c1c7352f028e7c / ed188f6dcdf0935c939ed813cf8745d50742014b
CVE-2019-17542, 5818ae3cff3295185b3317065b4482e527623545 / 02f909dc24b1f05cfbba75077c7707b905e63cd2
CVE-2020-20448, ef9340a9dc6e10ab96a111c44520a7016a38f5ad / 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990
+CVE-2020-20902, 366cfe1615e2978e2bac2ce037373678fb9c9e26 / 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd, ticket/8176
+CVE-2020-20902, 7187b14d9bacebf9ea41596d0977a6ef114c416f / 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad, ticket/8176
</pre>
<h3>2.8.15</h3>
@@ -1339,6 +1379,7 @@ Fixes following vulnerabilities:
CVE-2018-7557, e724bd1dd9efea3abb8586d6644ec07694afceae / 7414d0bda7763f9bd69c26c068e482ab297c1c96
CVE-2018-12458, 6bbef938839adc55e8e048bc9cc2e0fafe2064df / e1182fac1afba92a4975917823a5f644bee7e6e8
CVE-2018-13302, a80b8a01cc934b3417cea5c50a9f607d77f223ec / ed22dc22216f74c75ee7901f82649e1ff725ba50
+CVE-2018-14394, 5775f837963dcf178876ca7d618e6d7dead830c0 / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
CVE-2018-1999010, feb31c7ade15719d292c20da60763173e2ba3991 / cced03dd667a5df6df8fd40d8de0bff477ee02e8
CVE-2018-1999012, c75b8c9733efce84304a2dcec1bbfe806ab2e90f / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
</pre>
-----------------------------------------------------------------------
Summary of changes:
src/security | 85 ++++++++++++++++++++++++++++++++++++++++++++----------------
1 file changed, 63 insertions(+), 22 deletions(-)
hooks/post-receive
--
More information about the ffmpeg-cvslog
mailing list