[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 7795bc7 web/security: add more missing CVE#s

ffmpeg-git at ffmpeg.org ffmpeg-git at ffmpeg.org
Fri Nov 25 18:20:26 EET 2022


The branch, master has been updated
       via  7795bc7bd6ac419f7d5a48a9ddbeb93fbf94102d (commit)
       via  0842a3cb16ecea5a41d8e519069bcbcfe8867887 (commit)
      from  c1acb1b9bd2551a147fd422e96ed456da810aef3 (commit)


- Log -----------------------------------------------------------------
commit 7795bc7bd6ac419f7d5a48a9ddbeb93fbf94102d
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Fri Nov 25 17:17:35 2022 +0100
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Fri Nov 25 17:17:35 2022 +0100

    web/security: add more missing CVE#s
    
    Found-by: Rasool Fatemi

diff --git a/src/security b/src/security
index ed5ec1d..65507de 100644
--- a/src/security
+++ b/src/security
@@ -2016,6 +2016,8 @@ Fixes following vulnerabilities:
 <pre>
 CVE-2014-4609, d6af26c55c1ea30f85a7d9edbc373f53be1743ee
 CVE-2014-4610, d6af26c55c1ea30f85a7d9edbc373f53be1743ee
+CVE-2014-125007, dfefc9097e9b4bb20442e65454a40043bd189b3d
+CVE-2014-125008, f5d1d1e4667ba346ea7e0f97e6d2756bc9d4abde
 </pre>
 
 <h2>FFmpeg 2.2</h2>
@@ -2097,14 +2099,45 @@ CVE-2014-4610, 7d9c059a3525aa9f3e257b4c13df2b8c30409f3c / d6af26c55c1ea30f85a7d9
 Fixes following vulnerabilities:
 </p>
 <pre>
-CVE-2014-2263, 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
-CVE-2014-2099, c919e1ca2ecfc47d796382973ba0e48b8f6f92a2
-CVE-2014-2098, ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3
 CVE-2014-2097, f58eab151214d2d35ff0973f2b3e51c5eb372da4
+CVE-2014-2098, ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3
+CVE-2014-2099, c919e1ca2ecfc47d796382973ba0e48b8f6f92a2
+CVE-2014-2263, 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
+CVE-2014-125002, f1caaa1c61310beba705957e6366f0392a0b005b
+CVE-2014-125003, 8001e9f7d17e90b4b0898ba64e3b8bbd716c513c
+CVE-2014-125004, 6ba02602aa7fc7d38db582e75b8b093fb3c1608d
+CVE-2014-125005, 3edc3b159503d512c919b3d5902f7026e961823a
+CVE-2014-125006, 8c55ff393340998faae887dfac19e7ef128e1e58
+CVE-2014-125009, 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4
+CVE-2014-125010, 91253839e14cce9793ee93f184cef609ca8195d5
+CVE-2014-125011, d42ec8433c687fcbccefa51a7716d81920218e4f
+CVE-2014-125012, a392bf657015c9a79a5a13adfbfb15086c1943b9
+CVE-2014-125013, c919e1ca2ecfc47d796382973ba0e48b8f6f92a2 (duplicate CVE#)
+CVE-2014-125014, d1e6602665d5ec1b7e211ab27b298c26139f82cc
+CVE-2014-125015, 18f94df8af04f2c02a25a7dec512289feff6517f
+CVE-2014-125016, e5c7229999182ad1cef13b9eca050dba7a5a08da
+CVE-2014-125017, 77bb0004bbe18f1498cfecdc68db5f10808b6599
+CVE-2014-125018, 8a3b85f3a7952c54a2c36ba1797f7e0cde9f85aa
+CVE-2014-125019, b25e84b7399bd91605596b67d761d3464dbe8a6e
+CVE-2014-125020, 1f097d168d9cad473dd44010a337c1413a9cd198
+CVE-2014-125021, 5430839144c6da0160e8e0cfb0c8db01de432e94
+CVE-2014-125022, 1713eec29add37b654ec6bf262b843d139c1ffc6
+CVE-2014-125023, 2240e2078d53d3cfce8ff1dda64e58fa72038602
+CVE-2014-125024, 4c3e1956ee35fdcc5ffdb28782050164b4623c0b
+CVE-2014-125025, 6e42ccb9dbc13836cd52cda594f819d17af9afa2
 </pre>
 
 <h2>FFmpeg 2.1</h2>
 
+<h3>2.1.8</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2015-1872, a6ba4c1116c16c01a2faf188d47c9ed7bb727a06 / fabbfaa095660982cc0bc63242c459561fa37037
+CVE-2015-3395, 99a69249837079417ca8bec6dd0515ca996a748e / f7e1367f58263593e6cee3c282f7277d7ee9d553
+</pre>
+
 <h3>2.1.7</h3>
 <p>
 Fixes following vulnerabilities:
@@ -2156,6 +2189,19 @@ CVE-2014-2099, 4cc18ee5da110087b5661ef0269ef59742e90a82 / c919e1ca2ecfc47d796382
 CVE-2014-2098, f91ef98c9d740d6c1410d5cf206bda80c2416808 / ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3
 CVE-2014-2097, 8c6a976feeea8ee0ccdb31fbddb0d9c98b44ae0d / f58eab151214d2d35ff0973f2b3e51c5eb372da4
 CVE-2014-2263, 4a28a3ddc4eb7322409f062f422c676f93d95ac1 / 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
+CVE-2014-125002, 23ae7bfb4e94a13204f7b5d09e7d9f87f795d698 / f1caaa1c61310beba705957e6366f0392a0b005b
+CVE-2014-125003, a8ed3685e1931fda969e2ee601fa767845138d33 / 8001e9f7d17e90b4b0898ba64e3b8bbd716c513c
+CVE-2014-125004, 32262ca7d781cc82126e848cc200cef36afd3f8c / 6ba02602aa7fc7d38db582e75b8b093fb3c1608d
+CVE-2014-125005, ea7ccf3748452b614b6ae81fa814303a49733fc2 / 3edc3b159503d512c919b3d5902f7026e961823a
+CVE-2014-125006, 846a9c67ff6ea022a66c3a65789a1ceb367917ba / 8c55ff393340998faae887dfac19e7ef128e1e58
+CVE-2014-125009, a94f367424051567995829d5e4a6a04977e2ecad / 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4
+CVE-2014-125010, d0d441b35053e04bbca2149cbf08f14499a1619c / 91253839e14cce9793ee93f184cef609ca8195d5
+CVE-2014-125011, 18eac12c6d470588afd8abc15396ba77dfdcb4ee / d42ec8433c687fcbccefa51a7716d81920218e4f
+CVE-2014-125014, 656770e2aacf44df2be01ee7fd60b035fd42c675 / d1e6602665d5ec1b7e211ab27b298c26139f82cc
+CVE-2014-125015, 6341a7006d74bf557c9ffb2a19f15e511d9b3b2b / 18f94df8af04f2c02a25a7dec512289feff6517f
+CVE-2014-125016, f8985cb9d995cb44f7ca957cdbd9b4d8654c9218 / e5c7229999182ad1cef13b9eca050dba7a5a08da
+CVE-2014-125018, e7b7e694168663813fdf1e99e0d1142cfd88e44b / 8a3b85f3a7952c54a2c36ba1797f7e0cde9f85aa
+CVE-2014-125025, 9fb364babdc7788bf955100958ef596448e5c1b1 / 6e42ccb9dbc13836cd52cda594f819d17af9afa2
 </pre>
 
 <h3>2.1</h3>
@@ -2235,6 +2281,12 @@ CVE-2014-2098, 13ce3673684e0fe69964f71660747e674c1f524c / ec9578d54d09b64bf112c2
 CVE-2014-2099, bc1c8ec5e65098fd2ccd8456f667151dfc9cda42 / c919e1ca2ecfc47d796382973ba0e48b8f6f92a2
 CVE-2014-2097, d0d0924947a40df52b06cafd86fc293949edbfc2 / f58eab151214d2d35ff0973f2b3e51c5eb372da4
 CVE-2014-2263, 5e7e43c33ea45550137f5dd2b9f81deef2acbfcd / 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
+CVE-2014-125002, 9847f02fafac16c1c3b72bad2f9bb5ccdd4d3678 / f1caaa1c61310beba705957e6366f0392a0b005b
+CVE-2014-125003, ca5d6c615e505bc84fe698650b4ddbd80229eb59 / 8001e9f7d17e90b4b0898ba64e3b8bbd716c513c
+CVE-2014-125004, 7c17207ab9acfaa934e8feb8fba90765c9d0b989 / 6ba02602aa7fc7d38db582e75b8b093fb3c1608d
+CVE-2014-125009, f0ee0fcbfcb5b42f57cd6b629c0cbba1a9160ee6 / 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4
+CVE-2014-125011, d41f4e8dc82bc734cd1beba5d5ef4a7b2038d15f / d42ec8433c687fcbccefa51a7716d81920218e4f
+CVE-2014-125016, 67b943ad661eb0f620448b1c8bc0d8089822ee5b / e5c7229999182ad1cef13b9eca050dba7a5a08da
 </pre>
 
 <h3>2.0.3</h3>
@@ -2357,6 +2409,9 @@ CVE-2014-2099, ab31a9ee4af5cfc0bab6b318512819fb706d0ff2 / c919e1ca2ecfc47d796382
 CVE-2014-2098, 11b14d0e63f882171e579f05a0af3b2679dd021a / ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3
 CVE-2014-2097, ca9d302519b690af1318c4c5ef6aeff118548819 / f58eab151214d2d35ff0973f2b3e51c5eb372da4
 CVE-2014-2263, a57d29a50c7a65cd75d55db78ffb24d326aec38f / 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
+CVE-2014-125002, 5e01cd3b697e756cad4ca00f4dd1cfb47512d186 / f1caaa1c61310beba705957e6366f0392a0b005b
+CVE-2014-125009, b580bae53ac79dafa8578f8cc77e30c435ab3405 / 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4
+CVE-2014-125011, 9085cdd677996fe792eef13bcbc670bf250e302b / d42ec8433c687fcbccefa51a7716d81920218e4f
 </pre>
 
 <h3>1.2.5</h3>

commit 0842a3cb16ecea5a41d8e519069bcbcfe8867887
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Fri Nov 25 17:16:47 2022 +0100
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Fri Nov 25 17:16:47 2022 +0100

    web/security: sort

diff --git a/src/security b/src/security
index aae87ee..ed5ec1d 100644
--- a/src/security
+++ b/src/security
@@ -166,11 +166,6 @@ CVE-2020-20891, 64a805883d7223c868a683f0030837d859edd2ab, ticket/8282
 CVE-2020-20892, 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01, ticket/8265
 CVE-2020-20896, dd01947397b98e94c3f2a79d5820aaf4594f4d3b, ticket/8273
 CVE-2020-20898, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263
-CVE-2021-38090, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
-CVE-2021-38091, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
-CVE-2021-38092, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
-CVE-2021-38093, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
-CVE-2021-38094, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
 CVE-2020-20902, 0c61661a2cbe1b8b284c80ada1c2fdddf4992cad, ticket/8176
 CVE-2020-20902, 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22, ticket/8176
 CVE-2020-20902, 5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd, ticket/8176
@@ -196,6 +191,11 @@ CVE-2020-22041, 3488e0977c671568731afa12b811adce9d4d807f, ticket/8296
 CVE-2020-22043, b288a7eb3d963a175e177b6219c8271076ee8590, ticket/8284
 CVE-2020-22044, 1d479300cbe0522c233b7d51148aea2b29bd29ad, ticket/8295
 CVE-2020-22046, 097c917c147661f5378dae8fe3f7e46f43236426, ticket/8294
+CVE-2021-38090, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2021-38091, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2021-38092, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2021-38093, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
+CVE-2021-38094, 99f8d32129dd233d4eb2efa44678a0bc44869f23, ticket/8263, duplicate CVE#
 </pre>
 
 <h2>FFmpeg 4.2</h2>

-----------------------------------------------------------------------

Summary of changes:
 src/security | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 63 insertions(+), 8 deletions(-)


hooks/post-receive
-- 



More information about the ffmpeg-cvslog mailing list