[FFmpeg-cvslog] [ffmpeg-web] branch master updated. f1d7fca web/security: Update CVEs for 4.0 and older branches

ffmpeg-git at ffmpeg.org ffmpeg-git at ffmpeg.org
Sun Apr 22 13:02:57 EEST 2018


The branch, master has been updated
       via  f1d7fcacab4cbb402e2dd7d5c2e64f735572b746 (commit)
      from  eb8f4427b1e14d71c3c5eb7c03dd4a5bdd73d8e1 (commit)


- Log -----------------------------------------------------------------
commit f1d7fcacab4cbb402e2dd7d5c2e64f735572b746
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Sun Apr 22 11:55:32 2018 +0200
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Sun Apr 22 12:01:52 2018 +0200

    web/security: Update CVEs for 4.0 and older branches

diff --git a/src/security b/src/security
index 8f66616..cd99272 100644
--- a/src/security
+++ b/src/security
@@ -1,7 +1,28 @@
 <p>Please report vulnerabilities to <a href="mailto:ffmpeg-security at ffmpeg.org">ffmpeg-security at ffmpeg.org</a></p>
 
+<h2>FFmpeg 4.0</h2>
+
+<h3>4.0</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2018-6912, 76cc0f0f673353cd4746cd3b83838ae335e5d9ed
+CVE-2018-7751, a6cba062051f345e8ebfdff34aba071ed73d923f
+CVE-2018-7557, 7414d0bda7763f9bd69c26c068e482ab297c1c96
+</pre>
+
 <h2>FFmpeg 3.4</h2>
 
+<h3>3.4.2</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2018-6621, 342f1da13489de6650349fff2206a81442d6c668 / 118e1b0b3370dd1c0da442901b486689efd1654b
+CVE-2018-6392, 2980b95fafb39148cfade120eab5c75b46bfffc6 / 3f621455d62e46745453568d915badd5b1e5bcd5
+</pre>
+
 <h3>3.4.1</h3>
 <p>
 Fixes following vulnerabilities:
@@ -23,6 +44,16 @@ CVE-2017-17081, 127a362630e11fe724e2e63fc871791fdcbcfa64
 
 <h2>FFmpeg 3.3</h2>
 
+<h3>3.3.7</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2018-6621, 0322f781777d4413bd57815ee9b5a7d6a0cfe716 / 118e1b0b3370dd1c0da442901b486689efd1654b
+CVE-2018-6392, d74839d793ebf8c6c7c4a2a8a22ae2bd695d2c41 / 3f621455d62e46745453568d915badd5b1e5bcd5
+CVE-2018-7557, bafb13dc0fd60f49f613bf4c52ce88b91176755c / 7414d0bda7763f9bd69c26c068e482ab297c1c96
+</pre>
+
 <h3>3.3.6</h3>
 <p>
 Fixes following vulnerabilities:
@@ -360,6 +391,51 @@ CVE-2017-1000460, 641dccc2aa5e0bf6b3c06998f9a7f24a5cf725e7
 
 <h2>FFmpeg 3.0</h2>
 
+<h3>3.0.11</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2018-6392, 5d06804b313677c149f106a8dba97988ad064385 / 3f621455d62e46745453568d915badd5b1e5bcd5
+CVE-2018-7557, fbf690d79a611a8dd9df1bce4189e5bf9c05508a / 7414d0bda7763f9bd69c26c068e482ab297c1c96
+</pre>
+
+<h3>3.0.10</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-11665, 2954ce9dea009573c9e0a286830e668f5ea31b8d / 08c073434e25cba8c43aae5ed9554fdd594adfb0
+CVE-2017-14054, 81e6a95e54ff197251570359dbc39b5b779fe972 / 124eb202e70678539544f6268efc98131f19fa49
+CVE-2017-17081, ad3b198f479a5a97dc58a6449ed93d4b346a8f19 / 127a362630e11fe724e2e63fc871791fdcbcfa64
+CVE-2017-11719, f31fc4755f69ab26bf6e8be47875b7dcede8e29e / 296debd213bd6dce7647cedd34eb64e5b94cdc92
+CVE-2017-16840, 94e538aebbc9f9c529e8b1f2eda860cfb8c473b1 / 3228ac730c11eca49d5680d5550128e397061c85
+CVE-2017-14055, 9a73a776816b359cc5befe2ddaa7edef22c4f353 / 4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
+CVE-2017-17081, b8a6b5602762e540fbac982cbc3689fa0d2768de / 58cf31cee7a456057f337b3102a03206d833d5e8
+CVE-2017-14059, adca94d65e5c70d9fc104abc38081fa147d7f046 / 7e80b63ecd259d69d383623e75b318bf2bd491f6
+CVE-2017-14058, b9fa2a86e6ddb26d3104521c4d54a6e5ded92a25 / 7ec414892ddcad88313848494b6fc5f437c9ca4a
+CVE-2017-14057, 39ddbd204aad0e1e1988b108a507f3c608b0129b / 7f9ec5593e04827249e7aeb466da06a98a0d7329
+CVE-2017-14225, cf838b8fd263c140b048e629c7a9c7addef001fb / 837cb4325b712ff1aab531bf41668933f61d75d2
+CVE-2017-14170, 74c067e95572dd4bfb069123f44d68b8a12e1991 / 900f39692ca0337a98a7cf047e4e2611071810c2
+CVE-2017-14056, 4c6bed6e3be18f09223e952213b9cb1098ff956f / 96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
+CVE-2017-14222, d08abbd0bd165f528fb97bd02c71e551d9f763ff / 9cb4eb772839c5e1de2855d126bf74ff16d13382
+CVE-2017-14169, b2aa633d663d4ed962ed92fcf5657df50521a8d9 / 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
+CVE-2017-14223, e4a9790bac9277e7037d9f56fb3354c97d14b726 / afc9c683ed9db01edb357bc8c19edad4282b3a97
+CVE-2017-14171, c6d3640cf71ce1ada67a5d488fc4db92f84a0dd6 / c24bcb553650b91e9eff15ef6e54ca73de2453b7
+CVE-2017-15186, 6fa58eabb18c4641f0a02c1756e1daadc0d4427b / df62b70de8aaa285168e72fe8f6e740843ca91fa
+CVE-2017-11665, 81c940b151016fb6f363e6ce621c591bbb58bacf / ffcc82219cef0928bed2d558b19ef6ea35634130
+</pre>
+
+<h3>3.0.9</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9993, bb1014279d865597c281c651c9d78dfb56ca2742 / 189ff4219644532bdfa7bab28dfedaee4d6d4021
+CVE-2017-9993, 794bcc6eca21a4ac64a282a4150036426e641f7b / a5d849b149ca67ced2d271dc84db0bc95a548abb
+CVE-2017-11399, 3cae97b090e139acfcda6dda7c73f2e607c4f74a / ba4beaf6149f7241c8bd85fe853318c2f6837ad0
+</pre>
+
 <h3>3.0.8</h3>
 <p>
 Fixes following vulnerabilities:
@@ -427,6 +503,37 @@ CVE-2016-7122, 1d90326f95a791db515f69a01a5f6ef867896d15 / e4e4a9cad7f21593d4bcb1
 
 <h2>FFmpeg 2.8</h2>
 
+<h3>2.8.14</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-17081, 0d9baa6d16cc84a12f0c73af383c5242a3e4c451 / 127a362630e11fe724e2e63fc871791fdcbcfa64
+CVE-2018-6392,  ed06873b7b2dcace1dd421d92c3aaee2a4d6b26d / 3f621455d62e46745453568d915badd5b1e5bcd5
+CVE-2017-17081, 0a9e416a19c00560fe14d588849b7b358e88f921 / 58cf31cee7a456057f337b3102a03206d833d5e8
+CVE-2017-14222, dc4ef664ab385e4e1d44746c811a37445f3dedbe / 9cb4eb772839c5e1de2855d126bf74ff16d13382
+CVE-2017-14223, fa655983093030acfa3b20df1068e4aeb7d25f56 / afc9c683ed9db01edb357bc8c19edad4282b3a97
+</pre>
+
+<h3>2.8.13</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-11665, b566ab49ca84d7e83a40638e066b33cb5a1ef1ac / 08c073434e25cba8c43aae5ed9554fdd594adfb0
+CVE-2017-14055, 6b004e23d7fcdd3c69717bc12e6dcc070ab563b2 / 4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
+CVE-2017-14059, c70fdd9948085a72c8f622c6e22d9349cbf0bc75 / 7e80b63ecd259d69d383623e75b318bf2bd491f6
+CVE-2017-14058, 498e07daa18cca6115eb415e592cde3701a2b800 / 7ec414892ddcad88313848494b6fc5f437c9ca4a
+CVE-2017-14057, 6904464301bbfff6e21616d43d657b163359bb3d / 7f9ec5593e04827249e7aeb466da06a98a0d7329
+CVE-2017-14225, c1a9f5675b956acc2080cab1953d83d501c3d5d9 / 837cb4325b712ff1aab531bf41668933f61d75d2
+CVE-2017-14170, accf7d34a8825c7a07db499afbc5cf1b038db6d0 / 900f39692ca0337a98a7cf047e4e2611071810c2
+CVE-2017-14056, 1720050ae6eba72577e4a235994a53de5d72f8d7 / 96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
+CVE-2017-14169, d6860265076607811de68e6ac03ad5df9dfdb681 / 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
+CVE-2017-11399, bbcb59b948264317a6fea016f9659a317355e4db / ba4beaf6149f7241c8bd85fe853318c2f6837ad0
+CVE-2017-14171, 5b3986023bbf3a8beb36d30ae580132b8bd66670 / c24bcb553650b91e9eff15ef6e54ca73de2453b7
+CVE-2017-11665, 8f9cbb3b7e844f80e07caac40ac14a64aa938c99 / ffcc82219cef0928bed2d558b19ef6ea35634130
+</pre>
+
 <h3>2.8.12</h3>
 <p>
 Fixes following vulnerabilities:

-----------------------------------------------------------------------

Summary of changes:
 src/security | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 107 insertions(+)


hooks/post-receive
-- 



More information about the ffmpeg-cvslog mailing list