Univention Bugzilla – Bug 52730
ffmpeg: Multiple issues (4.4)
Last modified: 2021-02-03 15:04:10 CET
New Debian ffmpeg 7:3.2.15-0+deb9u2 fixes:

This update addresses the following issues:
* In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. (CVE-2019-17539)
* decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. (CVE-2020-35965)
--- mirror/ftp/4.4/unmaintained/4.4-6/source/ffmpeg_3.2.15-0+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/ffmpeg_3.2.15-0+deb9u2.dsc @@ -1,3 +1,12 @@ +7:3.2.15-0+deb9u2 [Sat, 30 Jan 2021 19:28:22 -0500] Roberto C. Sanchez <roberto@debian.org>: + + * Non-maintainer upload by the LTS team. + * Security fixes: + - CVE-2019-17539: NULL pointer dereference and possibly unspecified other + impact when there is no valid close function pointer + - CVE-2020-35965: out-of-bounds write because of errors in calculations of + when to perform memset zero operations (Closes: #979999) + 7:3.2.15-0+deb9u1 [Mon, 27 Jul 2020 08:57:14 +0300] Adrian Bunk <bunk@debian.org>: * Non-maintainer upload by the LTS team. <http://10.200.17.11/4.4-7/#5124841720450091996>
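Review bot: the CVE-2019-17539 entry in the new changelog block carries no bug reference, while the CVE-2020-35965 entry ends with "(Closes: #979999)"; if a Debian bug exists for the first issue it should be cited the same way, so both fixes can be traced from the changelog. Both entries also state only the symptom. Naming the affected code as the errata text does (avcodec_open2 in libavcodec/utils.c, decode_frame in libavcodec/exr.c) would let an administrator reading the changelog judge whether the codec-open path or the EXR decoder is reachable in their deployment.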
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 688d2b694e Bug #52730: ffmpeg 7:3.2.15-0+deb9u2
 doc/errata/staging/ffmpeg.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x878>