[FFmpeg-cvslog] [ffmpeg-web] branch master updated. a4b40b1 web/security: add missing CVE#s

ffmpeg-git at ffmpeg.org ffmpeg-git at ffmpeg.org
Thu Nov 24 19:04:09 EET 2022


The branch, master has been updated
       via  a4b40b1f993070377e98759e6db0a4d08a9649c5 (commit)
      from  5c52853ae8867e2aad1a9f8256bfc0e00302e363 (commit)


- Log -----------------------------------------------------------------
commit a4b40b1f993070377e98759e6db0a4d08a9649c5
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Thu Nov 24 17:59:01 2022 +0100
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Thu Nov 24 18:01:18 2022 +0100

    web/security: add missing CVE#s

diff --git a/src/security b/src/security
index 44fa15e..270c455 100644
--- a/src/security
+++ b/src/security
@@ -11,8 +11,25 @@ Fixes following vulnerabilities:
 CVE-2022-2566, 6f53f0d09ea4c9c7f7354f018a87ef840315207d / c953baa084607dd1d84c3bfcce3cf6a87c3e6e05
 </pre>
 
+<h3>5.1</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2022-1475, 757da974b21833529cc41bdcc9684c29660cdfa8, ticket/9651
+</pre>
+
+
 <h2>FFmpeg 5.0</h2>
 
+<h3>5.0.1</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2022-1475, 95322e07673885ebcbb8fd54f30a9b8f17d5be6a / 757da974b21833529cc41bdcc9684c29660cdfa8, ticket/9651
+</pre>
+
 <h3>5.0</h3>
 <p>
 Fixes following vulnerabilities:
@@ -32,6 +49,14 @@ CVE-2021-38291, e01d306c647b5827102260b885faa223b646d2d1 ticket/9312,
 
 <h2>FFmpeg 4.4</h2>
 
+<h3>4.4.2</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2022-1475, e9e2ddbc6c78cc18b76093617f82c920e58a8d1f / 757da974b21833529cc41bdcc9684c29660cdfa8, ticket/9651
+</pre>
+
 <h3>4.4.1</h3>
 <p>
 Fixes following vulnerabilities:
@@ -61,6 +86,7 @@ CVE-2020-20450, 5400e4a50c61e53e1bc50b3e77201649bbe9c510, ticket/7993
 CVE-2020-21041, 5d9f44da460f781a1604d537d0555b78e29438ba, ticket/7989
 CVE-2020-22038, 7c32e9cf93b712f8463573a59ed4e98fd10fa013, ticket/8285
 CVE-2020-22042, 426c16d61a9b5056a157a1a2a057a4e4d13eef84, ticket/8267
+CVE-2020-23906, ec59dc73f0cc8930bf5dae389cd76d049d537ca7, ticket/8782
 CVE-2020-24020, 584f396132aa19d21bb1e38ad9a5d428869290cb, ticket/8718
 CVE-2021-30123, d6f293353c94c7ce200f6e0975ae3de49787f91f, ticket/8845, never affected a release
 CVE-2020-35964, 27a99e2c7d450fef15594671eef4465c8a166bd7
@@ -78,6 +104,13 @@ Fixes following vulnerabilities:
 CVE-2020-21041, 50cadf8dc52e94372a181dd60a527c55d1d155f5 / 5d9f44da460f781a1604d537d0555b78e29438ba, ticket/7989
 </pre>
 
+<h3>4.3.4</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2022-1475, fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d / 757da974b21833529cc41bdcc9684c29660cdfa8, ticket/9651
+</pre>
 
 <h3>4.3.3</h3>
 <p>
@@ -113,6 +146,7 @@ Fixes following vulnerabilities:
 <pre>
 CVE-2020-13904, a3fdeb0c3a4ecabab2c2351b86fc92004526e9cc / b5e39880fb7269b1b3577cee288e06aa3dc1dfa2
 CVE-2020-14212, dd273d359e45ab69398ac0dc41206d5f1a9371bf / 0b3bd001ac1745d9d008a2d195817df57d7d1d14
+CVE-2020-23906, be84216c53a4ed81573c82320e9c4a20e9b349d9 / ec59dc73f0cc8930bf5dae389cd76d049d537ca7, ticket/8782
 </pre>
 
 <h3>4.3</h3>
@@ -128,6 +162,18 @@ CVE-2020-12284, 1812352d767ccf5431aa440123e2e260a4db2726
 CVE-2020-20448, 55279d699fa64d8eb1185d8db04ab4ed92e8dea2
 CVE-2020-20448, 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990
 CVE-2020-20451, 21265f42ecb265debe9fec1dbfd0cb7de5a8aefb, ticket/8094
+CVE-2020-20891, 64a805883d7223c868a683f0030837d859edd2ab, ticket/8282
+CVE-2020-20892, 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01, ticket/8265
+CVE-2020-20896, dd01947397b98e94c3f2a79d5820aaf4594f4d3b, ticket/8273
+CVE-2020-20898, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263
+CVE-2021-38090, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2021-38091, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2021-38092, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2021-38093, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2021-38094, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2020-20902, 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad, ticket/8176
+CVE-2020-20902, 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22, ticket/8176
+CVE-2020-20902, 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd, ticket/8176
 CVE-2020-22016, 58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145, ticket/8183
 CVE-2020-22017, d4d6b7b0355f3597cad3b8d12911790c73b5f96d, ticket/8309
 CVE-2020-22020, ce5274c1385d55892a692998923802023526b765, ticket/8239
@@ -149,6 +195,7 @@ CVE-2020-22040, 1a0c584abc9709b1d11dbafef05d22e0937d7d19, ticket/8283
 CVE-2020-22041, 3488e0977c671568731afa12b811adce9d4d807f, ticket/8296
 CVE-2020-22043, b288a7eb3d963a175e177b6219c8271076ee8590, ticket/8284
 CVE-2020-22044, 1d479300cbe0522c233b7d51148aea2b29bd29ad, ticket/8295
+CVE-2020-22046, 097c917c147661f5378dae8fe3f7e46f43236426, ticket/8294
 </pre>
 
 <h2>FFmpeg 4.2</h2>
@@ -180,6 +227,9 @@ CVE-2020-22048, 7d4c2d90b3997542a2dece32a1234f3bc3629610 / fddef964e8aa4a2c123e4
 Fixes following vulnerabilities:
 </p>
 <pre>
+CVE-2020-20891, 84fdfdf8595150c04b86febd1ef2eae3878c84b8 / 64a805883d7223c868a683f0030837d859edd2ab, ticket/8282
+CVE-2020-20892, 15900ff8e68f38404bd6d392d474d99f65cdbbf9 / 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01, ticket/8265
+CVE-2020-20896, c4629d8abe270ec5e5d79f7d18cd0b12cd5fd797 / dd01947397b98e94c3f2a79d5820aaf4594f4d3b, ticket/8273
 CVE-2020-22027, 98981312e15ad6bf1c90e660abf666b15924e350 / e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c, ticket/8242
 </pre>
 
@@ -194,6 +244,7 @@ CVE-2020-22015, cf876bdef8ba66c66518aa2192fff2975ad02d0b / 4c1afa292520329eecd1c
 CVE-2020-22019, e6b5c7a5fccf7237b2aceb4334dec53f181e0149 / 82ad1b76751bcfad5005440db48c46a4de5d6f02, CVE-2020-22033, ticket/8241,ticket/8246
 CVE-2020-22021, 0ab6b4469caf11119546a58c538f7c55af77ab36 / 7971f62120a55c141ec437aa3f0bacc1c1a3526b, ticket/8240
 CVE-2020-22037, 0f8a56d5aff8c6c8c414df4d938137131bbce32f / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-23906, 40e049856e4f78f2a91d0f7b8b80915e87c59d04 / ec59dc73f0cc8930bf5dae389cd76d049d537ca7, ticket/8782
 CVE-2020-35964, 955b471fbe77bdab4f007c43c65e71c596e212b5 / 27a99e2c7d450fef15594671eef4465c8a166bd7
 CVE-2020-35965, 4810fe79363d196b87a73333d37d3baad6c04f49 / 3e5959b3457f7f1856d997261e6ac672bba49e8b
 CVE-2021-38114, 796a84fd047099ba25329ee2c420d11709ebe8b1 / 7150f9575671f898382c370acae35f9087a30ba1
@@ -217,6 +268,20 @@ Fixes following vulnerabilities:
 <pre>
 CVE-2019-13312, eae4b6142223d6f214b97c00bc498884f3b98065 / def04022f4a7058f99e669bfd978d431d79aec18
 CVE-2020-12284, 838105153a579ff0cea0794afc0275c19c51d3a7 / 1812352d767ccf5431aa440123e2e260a4db2726
+CVE-2020-22046, 141c507e0584a8611209e885224842894bfd33f2 / 097c917c147661f5378dae8fe3f7e46f43236426, ticket/8294
+</pre>
+
+<h3>4.2.2</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-20448, 1c1b94aaae0e3ac5175244401997f44e01724c85 / 55279d699fa64d8eb1185d8db04ab4ed92e8dea2, ticket/7990
+CVE-2020-20448, f348a0bc3c3328c0e15e23968e5be65295685df0 / 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990
+CVE-2020-22016, 2ec1b096b10319120795d8f9c7ff9dafd92d3a3d / 58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145, ticket/8183
+CVE-2020-20902, 81672bf00f3b5a3c025034f4b2e33d67b72f3839 / 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22, ticket/8176
+CVE-2020-20902, b97aaf791f6ea3506a6252ecef6a1a0e9a542e04 / 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd, ticket/8176
+CVE-2020-20902, f725378bffc60264a5e91ec49a478316aa31fb23 / 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad, ticket/8176
 </pre>
 
 <h3>4.2.1</h3>
@@ -258,6 +323,17 @@ CVE-2020-22046, 48722306331bfa60096a2699f8b2a51c57f9a951 / 097c917c147661f5378da
 CVE-2020-22048, e7dbee00f0d356aaa4a2033b9caf8173a32afd4d / fddef964e8aa4a2c123e470db1436a082ff6bcf3, ticket/8303
 </pre>
 
+<h3>4.1.9</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-20891, d5cb859665d62658d7859f345650fcb38528c4ab / 64a805883d7223c868a683f0030837d859edd2ab, ticket/8282
+CVE-2020-20892, 439645004bb672a29145621549cb87acdb2f84db / 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01, ticket/8265
+CVE-2020-20896, 6fe33489be72eee8010c28165f4b12870df4c600 / dd01947397b98e94c3f2a79d5820aaf4594f4d3b, ticket/8273
+CVE-2020-20902, d38c8064d448e9190db311dc525cfdc674051901 / 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22, ticket/8176
+</pre>
+
 <h3>4.1.8</h3>
 <p>
 Fixes following vulnerabilities:
@@ -268,6 +344,7 @@ CVE-2020-22017, aef4cbec696ae4e349a72521fba1180b96a97fab / d4d6b7b0355f3597cad3b
 CVE-2020-22020, d60effdf83eddcdb18c84d339a526fb0318723fe / ce5274c1385d55892a692998923802023526b765, ticket/8239
 CVE-2020-22022, c79606f233fed20a6d31e6cd5f24466021eaf94b / 07050d7bdc32d82e53ee5bb727f5882323d00dba, ticket/8264
 CVE-2020-22023, 69f5d4b7fdcb93c2948255193870f5ea7605028c / 0b567238741854b41f84f7457686b044eadfe29c, ticket/8244
+CVE-2020-22025, 540047eda8391da511142d782c4145b23fdad173 / ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8, ticket/8260
 CVE-2020-22026, 3a9f384225cb6e5720d36d0b01dd446cfd6f1772 / 58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144, ticket/8317
 CVE-2020-22027, f5da6cff3504978bf6e713996988dcef0691d800 / e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c, ticket/8242
 CVE-2020-22028, 01f3824f6c46ef19025059752a4381daa2443097 / f069a9c2a65bc20c3462127623127df6dfd06c5b, ticket/8274
@@ -291,6 +368,7 @@ CVE-2020-22015, 14e172600e65817144be48a774c9b699b9563653 / 4c1afa292520329eecd1c
 CVE-2020-22019, c7da0dad1f17856a12c98135eae9824f771e8f3a / 82ad1b76751bcfad5005440db48c46a4de5d6f02, CVE-2020-22033, ticket/8241,ticket/8246
 CVE-2020-22021, b5ffefdd61c94eb98b1ca555b855e2c0bdd953d6 / 7971f62120a55c141ec437aa3f0bacc1c1a3526b, ticket/8240
 CVE-2020-22037, 51292064a2ce71b2adfc090ed7302b0ed3f0eab9 / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-23906, 4646f94b9cc83facb651a4540f342014cb75f937 / ec59dc73f0cc8930bf5dae389cd76d049d537ca7, ticket/8782
 CVE-2020-35965, 40f056abed4e0b0bc8e037da8b56bcb93d5660f2 / 3e5959b3457f7f1856d997261e6ac672bba49e8b
 CVE-2021-38114, ff3ae6999959150ef488b170bbcc2fb6610b3572 / 7150f9575671f898382c370acae35f9087a30ba1
 CVE-2021-38171, db3dd0545cdf690ee22f8b9807096d580bb8eb24 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
@@ -315,6 +393,11 @@ Fixes following vulnerabilities:
 CVE-2019-13390, 60094fc2f552aace794395648110408a6eb825ad / aef24efb0c1e65097ab77a4bf9264189bdf3ace3
 CVE-2019-17539, f2c01cc90b36e0efa60cc335bc910746d53e46ce / 8df6884832ec413cf032dfaa45c23b1c7876670c
 CVE-2019-17542, 731b4f7414b7ee5e2b90b55d6721c2df0dc4f160 / 02f909dc24b1f05cfbba75077c7707b905e63cd2
+CVE-2020-20448, 1b375b5036f4e38e4d02b0acfea75dcc9be00d6c / 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990
+CVE-2020-20448, 22e645c56a4998c3aee669c491a696691793887e / 55279d699fa64d8eb1185d8db04ab4ed92e8dea2, ticket/7990
+CVE-2020-20902, a0c91fb0f0641f9f35f650281a176657907097cf / 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd, ticket/8176
+CVE-2020-20902, fa9ca0b663c1768ab2a537f5a48a4eb35e66b447 / 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad, ticket/8176
+CVE-2020-22016, 3ecbb180ef3b0524459d9bea9260c94356055b0e / 58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145, ticket/8183
 </pre>
 
 <h3>4.1.4</h3>
@@ -397,6 +480,10 @@ CVE-2019-12730, 3935e8d967d6066a6f6667acf2a48f1337699039 / ed188f6dcdf0935c939ed
 CVE-2019-13390, 4a79f30d774dd81bde2da751fbd588e3413da2d7 / aef24efb0c1e65097ab77a4bf9264189bdf3ace3
 CVE-2019-17539, 7200fd51211f509c390e24398635920a460406ca / 8df6884832ec413cf032dfaa45c23b1c7876670c
 CVE-2019-17542, ce2caf5674c3adbab01635ed4535cbc208930a8e / 02f909dc24b1f05cfbba75077c7707b905e63cd2
+CVE-2020-20448, 8381e82f9cc08caac3f8f62ee4667cfcbce9c858 / 55279d699fa64d8eb1185d8db04ab4ed92e8dea2, ticket/7990
+CVE-2020-20448, aa9aba0fe138da4126c04ed3f5b406c6e0024b06 / 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990
+CVE-2020-20902, ac36c00a44c74880e1ef18ba89b40f1dd12994ce / 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad, ticket/8176
+CVE-2020-20902, fa713c4c2448d9327625059fa6ca005995f120fd / 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd, ticket/8176
 </pre>
 
 <h3>4.0.4</h3>

-----------------------------------------------------------------------

Summary of changes:
 src/security | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)


hooks/post-receive
-- 



More information about the ffmpeg-cvslog mailing list