[FFmpeg-devel] [PATCH 2/2] web/security: add some missing CVEs

Michael Niedermayer michael at niedermayer.cc
Wed Apr 17 23:37:03 EEST 2019


---
 src/security | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/src/security b/src/security
index b6239bf..9175aba 100644
--- a/src/security
+++ b/src/security
@@ -12,6 +12,14 @@ CVE-2019-9718, cc5361ed18ab0f69cfbead7afc88fb81ed4b36ae / 1f00c97bc3475c477f3c46
 CVE-2019-9721, f7f3937494f6734d27fc3d0081c9c7a9a19614a8 / 894995c41e0795c7a44f81adc4838dedc3932e65
 </pre>
 
+<h3>4.1.1</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2019-1000016, b420f23566825192c3fc1f46fce24d19ffc1d72e / b97a4b658814b2de8b9f2a3bce491c002d34de31
+</pre>
+
 <h3>4.1</h3>
 <p>
 Fixes following vulnerabilities:
@@ -29,6 +37,12 @@ CVE-2018-13305, d08d4a8c7387e758d439b0592782e4cfa2b4d6a4
 CVE-2018-14394, 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
 CVE-2018-14395, fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582
 CVE-2018-15822, 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
+CVE-2018-1999010, cced03dd667a5df6df8fd40d8de0bff477ee02e8
+CVE-2018-1999011, 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
+CVE-2018-1999012, 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
+CVE-2018-1999013, a7e032a277452366771951e29fd0bf2bd5c029f0
+CVE-2018-1999014, bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75
+CVE-2018-1999015, 5aba5b89d0b1d73164d3b81764828bb8b20ff32a
 </pre>
 
 <h2>FFmpeg 4.0</h2>
@@ -62,6 +76,12 @@ CVE-2018-13303, 0003ace83b18f68c981c8ad401bee75315edf9f5 / 00e8181bd97c834fe6075
 CVE-2018-13304, 5fd1dce39a70340b9fd508154e48985902602e25 / bd27a9364ca274ca97f1df6d984e88a0700fb235
 CVE-2018-14394, 0981dfee7d413ec6f30f00ddb109e3959c05bebd / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
 CVE-2018-14395, fd53179f4a71e0acd807bdfff112a55e204fa4ba / fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582
+CVE-2018-1999010, 6d992a51c75aafba6e21bff95cddae9d717bc7e3 / cced03dd667a5df6df8fd40d8de0bff477ee02e8
+CVE-2018-1999011, a21703ca5d42e91b3a218e755020e90ef3af2eae / 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
+CVE-2018-1999012, 6f4b82cc3a879f5d3f9a4738bfd7d93757221958 / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
+CVE-2018-1999013, 37f505cc853f592d93b6285c8a91eece2e5b8b07 / a7e032a277452366771951e29fd0bf2bd5c029f0
+CVE-2018-1999014, a28ab09e2a2ac3fcc61e77ff5d702d9157eb37bc / bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75
+CVE-2018-1999015, 4439d6aa6956453f6f5479020ee71baebbec4287 / 5aba5b89d0b1d73164d3b81764828bb8b20ff32a
 </pre>
 
 <h3>4.0.1</h3>
@@ -82,6 +102,7 @@ Fixes following vulnerabilities:
 CVE-2018-6912, 76cc0f0f673353cd4746cd3b83838ae335e5d9ed
 CVE-2018-7751, a6cba062051f345e8ebfdff34aba071ed73d923f
 CVE-2018-7557, 7414d0bda7763f9bd69c26c068e482ab297c1c96
+CVE-2018-9841, 35eeff30caf34df835206f1c12bcf4b7c2bd6758
 CVE-2018-10001, 47b7c68ae54560e2308bdb6be4fb076c73b93081
 </pre>
 
@@ -119,11 +140,16 @@ Fixes following vulnerabilities:
 <pre>
 CVE-2018-7557,  ae49cc73f265a155e5c4b1715570aab3d9741b4d / 7414d0bda7763f9bd69c26c068e482ab297c1c96
 CVE-2018-7751,  3fa6e594a0f2575ddb6b2183961fde42ab5ab37b / a6cba062051f345e8ebfdff34aba071ed73d923f
+CVE-2018-9841,  43916494f8cac6ed294309e70de346e309d51058 / 35eeff30caf34df835206f1c12bcf4b7c2bd6758
 CVE-2018-10001, 51035698bde9c13da7eedc1f6eb47d190bbc949d / 47b7c68ae54560e2308bdb6be4fb076c73b93081
 CVE-2018-12458, bd1fd3ff4b0437153a6c4717f59ce31a7bba8ca0 / e1182fac1afba92a4975917823a5f644bee7e6e8
 CVE-2018-13300, 3a04f518ac283194bb13d8aff7d9fa963d551547 / 95556e27e2c1d56d9e18f5db34d6f756f3011148
 CVE-2018-13302, 36c779bffe2ceef48a0fa4d7a6691c6895faf9e2 / ed22dc22216f74c75ee7901f82649e1ff725ba50
 CVE-2018-14394, 20ad61ffb7b0fc72d17b5c21035eb85a698ac64b / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
+CVE-2018-1999010, 5da77e7e9e91a1f2a6b80f64f4202c0a4534e307 / cced03dd667a5df6df8fd40d8de0bff477ee02e8
+CVE-2018-1999011, 9dea41eac7229688e566a4a3e3f8251acf7ab97c / 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
+CVE-2018-1999012, 717ece29fd497500ef0315d1841fa7bd0640f53c / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
+CVE-2018-1999013, 09401d0a0abec4d1db395af3ddb2c610c5b51153 / a7e032a277452366771951e29fd0bf2bd5c029f0
 </pre>
 
 <h3>3.4.2</h3>
@@ -174,6 +200,9 @@ CVE-2018-13300, 672ada0f179b3ef45e52987d8c96716d23aa0722 / 95556e27e2c1d56d9e18f
 CVE-2018-13302, 78b1fbca3404459dcf8a1c34b5c7f9a5825ad61f / ed22dc22216f74c75ee7901f82649e1ff725ba50
 CVE-2018-14394, 6a0a16e563f07722acd4b666b2c501e186e9fa4b / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
 CVE-2018-14395, 87ddf73e52b412ee015108ec2f1aaac7a05c947f / fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582
+CVE-2018-1999012, 9bb3047060c33e93ace258634aa89ee1705ec0c3 / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
+CVE-2018-1999013, 34654d41d4bd9abb3b848477a6dd0a7d33816d4e / a7e032a277452366771951e29fd0bf2bd5c029f0
+CVE-2018-1999010, 4d77a4a54d2f5c34a9cc7d3b3424d16e24515a0f / cced03dd667a5df6df8fd40d8de0bff477ee02e8
 </pre>
 
 <h3>3.3.7</h3>
@@ -184,6 +213,7 @@ Fixes following vulnerabilities:
 CVE-2018-6621, 0322f781777d4413bd57815ee9b5a7d6a0cfe716 / 118e1b0b3370dd1c0da442901b486689efd1654b
 CVE-2018-6392, d74839d793ebf8c6c7c4a2a8a22ae2bd695d2c41 / 3f621455d62e46745453568d915badd5b1e5bcd5
 CVE-2018-7557, bafb13dc0fd60f49f613bf4c52ce88b91176755c / 7414d0bda7763f9bd69c26c068e482ab297c1c96
+CVE-2018-9841, 49336482fd04541623e9418264644dd80640dbfe / 35eeff30caf34df835206f1c12bcf4b7c2bd6758
 CVE-2018-10001,15d4dc0da1e9f2450b5f9e748e1704fc0e6ef3a4 / 47b7c68ae54560e2308bdb6be4fb076c73b93081
 </pre>
 
@@ -279,6 +309,7 @@ Fixes following vulnerabilities:
 </p>
 <pre>
 CVE-2018-15822, 1b283238226bf2ff1f328ab4811375240224b346 / 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
+CVE-2018-1999011, 67149cb2f68e3e96cd75804d83827ccd03386695 / 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
 </pre>
 
 <h3>3.2.12</h3>
@@ -302,6 +333,9 @@ CVE-2018-12458, d6f8960812b0a4ceac299a9000a1e921c74e431a / e1182fac1afba92a49759
 CVE-2018-13300, e6d3fd942f772f54ab6a5ca619cdaadef26b7702 / 95556e27e2c1d56d9e18f5db34d6f756f3011148
 CVE-2018-13302, 92972f19168f323cfe133a42abf130a5f159bfd6 / ed22dc22216f74c75ee7901f82649e1ff725ba50
 CVE-2018-14394, 3571bec56eb302dfe01732cc0cdcf75b35ae8211 / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
+CVE-2018-1999010, f65d6ff9ab06e2f4036a7e0f71072a216e66d239 / cced03dd667a5df6df8fd40d8de0bff477ee02e8
+CVE-2018-1999012, e82a06d2bef568124860090e2ec0b0de887c40a1 / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
+CVE-2018-1999013, 4a42353c7a0c906a38c7cfc2fe29c0242a2c2231 / a7e032a277452366771951e29fd0bf2bd5c029f0
 </pre>
 
 <h3>3.2.10</h3>
@@ -555,6 +589,19 @@ CVE-2017-1000460, 641dccc2aa5e0bf6b3c06998f9a7f24a5cf725e7
 
 <h2>FFmpeg 3.0</h2>
 
+<h3>3.0.12</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2018-12458, 0d585110131186b47c092b683c7758922576ae61 / e1182fac1afba92a4975917823a5f644bee7e6e8
+CVE-2018-13302, 469503ac1de315a9288e333dbfc0896e3027227c / ed22dc22216f74c75ee7901f82649e1ff725ba50
+CVE-2018-14394, 790e6fead0785831e2273ad1b425a63c6b64aef3 / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
+CVE-2018-1999010, 94edbf464c007a76115cec61657d1e6accdaf8ca / cced03dd667a5df6df8fd40d8de0bff477ee02e8
+CVE-2018-1999012, 6cadf46dff14139ff2e5cf3276eb3ad58fb080e1 / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
+CVE-2018-1999013, ee8c6566e2abd9ae46976dba9873ecd9bb24001f / a7e032a277452366771951e29fd0bf2bd5c029f0
+</pre>
+
 <h3>3.0.11</h3>
 <p>
 Fixes following vulnerabilities:
@@ -675,6 +722,8 @@ Fixes following vulnerabilities:
 CVE-2018-7557,  e724bd1dd9efea3abb8586d6644ec07694afceae / 7414d0bda7763f9bd69c26c068e482ab297c1c96
 CVE-2018-12458, 6bbef938839adc55e8e048bc9cc2e0fafe2064df / e1182fac1afba92a4975917823a5f644bee7e6e8
 CVE-2018-13302, a80b8a01cc934b3417cea5c50a9f607d77f223ec / ed22dc22216f74c75ee7901f82649e1ff725ba50
+CVE-2018-1999010, feb31c7ade15719d292c20da60763173e2ba3991 / cced03dd667a5df6df8fd40d8de0bff477ee02e8
+CVE-2018-1999012, c75b8c9733efce84304a2dcec1bbfe806ab2e90f / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
 </pre>
 
 <h3>2.8.14</h3>
-- 
2.21.0



More information about the ffmpeg-devel mailing list