Back to ffmpeg PTS page

Accepted ffmpeg 7:3.2.15-0+deb9u3 (source) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted ffmpeg 7:3.2.15-0+deb9u3 (source) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 14 Aug 2021 22:30:11 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1mF2AN-0004bV-Ph@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Aug 2021 18:31:23 +0200
Source: ffmpeg
Architecture: source
Version: 7:3.2.15-0+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Anton Gladky <gladk@debian.org>
Changes:
 ffmpeg (7:3.2.15-0+deb9u3) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-22036: A heap-based Buffer Overflow vulnerability
     in filter_intra at libavfilter/vf_bwdif.c, which might lead
     to memory corruption and other potential consequences.
   * CVE-2020-22032: A heap-based Buffer Overflow vulnerability in
     gaussian_blur, which might lead to memory corruption and other
     potential consequences.
   * CVE-2020-22031: A Heap-based Buffer Overflow vulnerability in
     filter16_complex_low, which might lead to memory corruption and
     other potential consequences.
   * CVE-2020-22028: Buffer Overflow vulnerability in filter_vertically_8
     at libavfilter/vf_avgblur.c, which could cause a remote
     Denial of Service.
   * CVE-2020-22026: Buffer Overflow vulnerability exists in the config_input
     function at libavfilter/af_tremolo.c, which could let a remote malicious
     user cause a Denial of Service.
   * CVE-2020-22025: A heap-based Buffer Overflow vulnerability exists in
     gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory
     corruption and other potential consequences.
   * CVE-2020-22023: A heap-based Buffer Overflow vulnerabililty exists
     in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to
     memory corruption and other potential consequences.
   * CVE-2020-22022: A heap-based Buffer Overflow vulnerability exists in
     filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory
     corruption and other potential consequences.
   * CVE-2020-22021: Buffer Overflow vulnerability at filter_edges function in
     libavfilter/vf_yadif.c, which could let a remote malicious user cause a
     Denial of Service.
   * CVE-2020-22020: Buffer Overflow vulnerability in the build_diff_map function
     in libavfilter/vf_fieldmatch.c, which could let a remote malicious user
     cause a Denial of Service.
   * CVE-2020-22016: A heap-based Buffer Overflow vulnerability at
     libavcodec/get_bits.h when writing .mov files, which might lead to memory
     corruption and other potential consequences.
   * CVE-2020-22015: Buffer Overflow vulnerability in mov_write_video_tag due to
     the out of bounds in libavformat/movenc.c, which could let a remote
     malicious user obtain sensitive information, cause a Denial of Service, or
     execute arbitrary code.
   * CVE-2020-21041: Buffer Overflow vulnerability exists via
     apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote
     malicious user cause a Denial of Service
   * CVE-2021-3566: The tty demuxer did not have a 'read_probe' function
     assigned to it. By crafting a legitimate "ffconcat" file that references an
     image, followed by a file the triggers the tty demuxer, the contents of the
     second file will be copied into the output file verbatim (as long as the
     `-vcodec copy` option is passed to ffmpeg).
   * CVE-2021-38114: libavcodec/dnxhddec.c does not check the return value of the
     init_vlc function. Crafted DNxHD data can cause unspecified impact.
Checksums-Sha1:
 ae4cd02b164a7c6dbece97870b33f0d9bd135270 4914 ffmpeg_3.2.15-0+deb9u3.dsc
 b84a30d4642d7d2c4f843b6887b2039413c8765c 47480 ffmpeg_3.2.15-0+deb9u3.debian.tar.xz
 9e50aedf39ad830ef1dee370e611c235e7311116 10742 ffmpeg_3.2.15-0+deb9u3_source.buildinfo
Checksums-Sha256:
 f7c063f692493b441a7e481e4b9e5aeaa6179809ebf1c27b0e437875cda8033a 4914 ffmpeg_3.2.15-0+deb9u3.dsc
 74d174bcccb41616909d220b3d3af8477c2e64133ef3219b3192cca565c9f450 47480 ffmpeg_3.2.15-0+deb9u3.debian.tar.xz
 095b797eabf7a0af5ea1f083cefe086807bcb9abf91409fc84191461e158779f 10742 ffmpeg_3.2.15-0+deb9u3_source.buildinfo
Files:
 8212f1d2bb84a2240619f5464d18edf1 4914 video optional ffmpeg_3.2.15-0+deb9u3.dsc
 c2294140155d92cefa761b892e543c12 47480 video optional ffmpeg_3.2.15-0+deb9u3.debian.tar.xz
 73e99f80fe579d5e726cf0c983cd5600 10742 video optional ffmpeg_3.2.15-0+deb9u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmEX8D0ACgkQ0+Fzg8+n
/wYx7w/9HNKQ/Z3Hl4S0K4/tFf8Niz5RqSotOs1zvjauH+u7+atswSicEnI7XFay
G4QhST/GqlVSpx77MykcyRAfzD7PYY9NIjibnpqBCSfDjHM3NqtGt3CCMDjHCazY
iKNhHW+kOJfeqfZzZ+zRTbkCDjhjK83cVmepfOoOM/8rfgnrT/JfSDLpt2yX0QGN
oa9pYmmkZINNuAhaASEV6JXCU6sIWUna6gf0K2L7xsHwW1o5loGptC1sy5/2Udaw
tceGqwwMGqGugAJdZ8XWSigxq4XkCtccmhhsg4WjZEKAWoH+CPtfStN3M3rVfyZl
mpyq+BRzuZLuPaZVxZYvzSCwHx1ZSg5C5DXWIfiHgGthfvqWYt0Znvq+fJNMQkCW
h+5cdjHiJLRe0jVVuCrVp+0zZlVjmjvyi+xCeFDkiy6C+n7cAav/NsOjGmb03QUb
QFf7q02dRae+idLRZEjuv2eJ2FdOnFBWYNC/eXCPbKHyeW7go0Dg43IvK1KdhHkq
5KQAk66cMCE14RqTrzmvzekG5B5tm38CFAPeWwTstUtSJQNOv/Zvi97hVVI/JdcI
PGlZxu/9XEy8cEhT+iUy0+bLzo/c4sUIFXy8h0B9t+lJPQiSvpKn9/nMEN+NQ7ye
6tSBECqldH6I1MmiDkV1GQlHVfJ2lE7m0oDHd2JlW3waXiesieo=
=GdtX
-----END PGP SIGNATURE-----