Back to ffmpeg PTS page

Accepted ffmpeg 7:3.2.16-1+deb9u1 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Nov 2021 19:27:15 +0100
Source: ffmpeg
Architecture: source
Version: 7:3.2.16-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Anton Gladky <gladk@debian.org>
Changes:
 ffmpeg (7:3.2.16-1+deb9u1) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * [23aefd3] New upstream version 3.2.16. Following CVEs are fixed:
       CVE-2021-38291 - assertion failure at src/libavutil/mathematics.c
       CVE-2020-22054 - A Denial of Service vulnerability due to a memory
                        leak in the av_dict_set function in dict.c.
       CVE-2020-22049 - A Denial of Service vulnerability due to a memory
                        leak in the wtvfile_open_sector function in wtvdec.c.
       CVE-2020-22037 - A Denial of Service vulnerability due to a memory
                        leak in avcodec_alloc_context3 at options.c
       CVE-2020-20453 - Divide By Zero issue via libavcodec/aaccoder, which
                        allows a remote malicious user to cause a Denial of
                        Service.
       CVE-2020-20446 - Divide By Zero issue via libavcodec/aacpsy.c, which
                        allows a remote malicious user to cause a Denial of
                        Service.
       CVE-2020-20445 - Divide By Zero issue via libavcodec/lpc.h, which
                        allows a remote malicious user to cause a Denial of
                        Service.
   * [00f277b] CVE-2020-22048 - A Denial of Service vulnerability due to a
                        memory leak in the ff_frame_pool_get function in
                        framepool.c.
   * [07e4324] CVE-2020-22046 - A Denial of Service vulnerability due to a
                        memory leak in the avpriv_float_dsp_allocl function
                        in libavutil/float_dsp.c.
   * [9f66aa6] CVE-2020-22044 - A Denial of Service vulnerability due to a
                        memory leak in the url_open_dyn_buf_internal function
                        in libavformat/aviobuf.c.
   * [93dcb1b] CVE-2020-22041 - A Denial of Service vulnerability due to a
                        memory leak in the av_buffersrc_add_frame_flags function
                        in buffersrc.
   * [c8769d4] CVE-2020-20451 - Denial of Service issue due to resource
                        management errors via fftools/cmdutils.c.
Checksums-Sha1:
 de81a7bed1edce57aa102c2914e1092ac4441412 4914 ffmpeg_3.2.16-1+deb9u1.dsc
 e087af8bdfc752f139f106ca5305b61a1b16fa7f 8074212 ffmpeg_3.2.16.orig.tar.xz
 d5598a0867c5ef9c1b3d9459d3eb41e1031bcd5a 47228 ffmpeg_3.2.16-1+deb9u1.debian.tar.xz
 0eb696b1aa342de6019d122b15b32cea68bcd46d 11093 ffmpeg_3.2.16-1+deb9u1_source.buildinfo
Checksums-Sha256:
 26af67cada648f4ef9b982a6e5f66ae23a57de47c80a2d53ae3f0b57a5871472 4914 ffmpeg_3.2.16-1+deb9u1.dsc
 9b5ce1a4fc1110c1e69e8840fb5911ec9530bd8b20c6984ab2ca23bf2cf882be 8074212 ffmpeg_3.2.16.orig.tar.xz
 5e5c4e2b700069d76aafb8dd103406ae99820750d0399fbc586ba87f5c0c63b2 47228 ffmpeg_3.2.16-1+deb9u1.debian.tar.xz
 913454e4d9d82db5da4d3628ac5a73a09906c51582dae641bf5b1670c6b48b59 11093 ffmpeg_3.2.16-1+deb9u1_source.buildinfo
Files:
 2ea4c3295339a498e4cd0e541c81bfb6 4914 video optional ffmpeg_3.2.16-1+deb9u1.dsc
 3379bd66c9a1a7cc9342d09aeba17557 8074212 video optional ffmpeg_3.2.16.orig.tar.xz
 c9b50f850a3092909393deaefd78bd83 47228 video optional ffmpeg_3.2.16-1+deb9u1.debian.tar.xz
 6ca14ba6e543c56eb57822f0873e365a 11093 video optional ffmpeg_3.2.16-1+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmGQEb4ACgkQ0+Fzg8+n
/wYinw//fB7LPz7RYr2dVbvwoEdM4+b8np2L70qkczZXjXvMCu6S5EvJNDMXcwpL
xGVDhl5Gc7atxbgKzRJVmL4qI5PS8qX5sinCCbU4XjxICKYpzxSiTFz5qGRUv+Af
MfpudQhkEHJutqa+Aa3hyt5US4wReMotHun0LLkPUAGnPrCJsxPhQ9RNISsHS97v
0w64y6/7xHcgTNeTSwNtIncWsCaSM/iw1HtQi3IFQlHiB8erEZ+7HJDT/hxD9CM9
ql/h2DzzJw2AW5dC6Hsx5FEu4zqi8l4LDOWbop15sXTBoFVFDsRHBKPQqzCL4dHu
dNr9KSHCh3Rn6KcPoVJ1R+H5uL6FcTrL120wYe8m6r+uuXeJpo1RiHX1fMCKi5VP
N+wiGjnb7rq8BofJpUMA3ya7YKNHFQ7liSqpwwHjtNt9HqkO7AQrujHE1eC1E+1O
TWkxymjBW1YmLPuc7lsVc6c0hdG3FG62F3wL65YNtV73wrApw6qTQfNDpoIOe1RA
0zxN++JLj7KQcYZtkL01svrVNvVv2sZLBfeFNyunkEJfVfrVkItZN9OlFIuZnoib
uhaUIOIY5mtzBKG1UK9JlYVm3U9BPbvWHc/xofoIDRccTOopn96/IBjCaZflH7P8
G3m2PHiNSSFq9dlYA6fF838H/2IRH2hQD3K3LqiZsxEHz42Cl5w=
=mk4G
-----END PGP SIGNATURE-----