[FFmpeg-cvslog] [ffmpeg-web] branch master updated. e6c4f7c web/security: add CVE#s for recent releases
ffmpeg-git at ffmpeg.org
ffmpeg-git at ffmpeg.org
Mon Oct 25 00:39:33 EEST 2021
The branch, master has been updated
via e6c4f7c832630f3fa30917bdcf4d71de33e36f76 (commit)
via 351690137ecb76e7732f77184df4f593bc5159c0 (commit)
from 4fc8bb64e0f21ed9e4e2fd1b8a9117a1cbd4e216 (commit)
- Log -----------------------------------------------------------------
commit e6c4f7c832630f3fa30917bdcf4d71de33e36f76
Author: Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Sun Oct 24 23:37:49 2021 +0200
Commit: Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Sun Oct 24 23:37:49 2021 +0200
web/security: add CVE#s for recent releases
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
diff --git a/src/security b/src/security
index 1248018..ec90c33 100644
--- a/src/security
+++ b/src/security
@@ -2,6 +2,18 @@
<h2>FFmpeg 4.4</h2>
+<h3>4.4.1</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+4254dbe20fea3e3e1897c82027f148c868d6c11e CVE-2020-22037, / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+43bdf562c3f69261d742dd35dfe5147fb3c007d0 CVE-2021-33815, / 26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
+46bbf194c44e49f08bbb028c5b933a901a84a7bd CVE-2021-38114, / 7150f9575671f898382c370acae35f9087a30ba1
+fb993619d1035fa9646506925ea70fb122038999 CVE-2021-38171, / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+07dec5b0c383ebd6053bdf0a022dfe4aa01b9b70 CVE-2021-38291, / e01d306c647b5827102260b885faa223b646d2d1, ticket/9312
+</pre>
+
<h3>4.4</h3>
<p>
Fixes following vulnerabilities:
@@ -16,12 +28,35 @@ CVE-2020-22038, 7c32e9cf93b712f8463573a59ed4e98fd10fa013, ticket/8285
CVE-2020-22042, 426c16d61a9b5056a157a1a2a057a4e4d13eef84, ticket/8267
CVE-2020-24020, 584f396132aa19d21bb1e38ad9a5d428869290cb, ticket/8718
CVE-2021-30123, d6f293353c94c7ce200f6e0975ae3de49787f91f, ticket/8845, never affected a release
+CVE-2020-35964, 27a99e2c7d450fef15594671eef4465c8a166bd7
CVE-2020-35965, 3e5959b3457f7f1856d997261e6ac672bba49e8b
CVE-2020-35965, b0a8b40294ea212c1938348ff112ef1b9bf16bb3
</pre>
<h2>FFmpeg 4.3</h2>
+<h3>4.3.3</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-20450, 3865b1952e5cf993b016d83ba78fe1deb63bbfad / 5400e4a50c61e53e1bc50b3e77201649bbe9c510, ticket/7993
+CVE-2020-22037, c6e7b345f5fd261ade273ea2d0cfa51fc6b512ac / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-22042, a23078a721682268caf03fc6d24a6ab202d309ae / 426c16d61a9b5056a157a1a2a057a4e4d13eef84, ticket/8267
+CVE-2021-38114, 7c455ee86a79b54857361e2a6eaf8a23783eaf3b / 7150f9575671f898382c370acae35f9087a30ba1
+CVE-2021-38171, 9f38effa59e2f7d9a0475cd90c02bbd76c8e75a1 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+CVE-2021-38291, 76470ae27fc8cd48890ee0cb6ff20c46bd984f67 / e01d306c647b5827102260b885faa223b646d2d1, ticket/9312
+</pre>
+
+<h3>4.3.2</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-35964, 4f0bdff292391cdb96b79b08c56533029166bdc8 / 27a99e2c7d450fef15594671eef4465c8a166bd7
+CVE-2020-35965, a53ffb15d8ae9bed14041b4cf62e436852e95431 / 3e5959b3457f7f1856d997261e6ac672bba49e8b
+</pre>
+
<h3>4.3.1</h3>
<p>
Fixes following vulnerabilities:
@@ -69,6 +104,19 @@ CVE-2020-22044, 1d479300cbe0522c233b7d51148aea2b29bd29ad, ticket/8295
<h2>FFmpeg 4.2</h2>
+<h3>4.2.5</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-22037, 0f8a56d5aff8c6c8c414df4d938137131bbce32f / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-35964, 955b471fbe77bdab4f007c43c65e71c596e212b5 / 27a99e2c7d450fef15594671eef4465c8a166bd7
+CVE-2020-35965, 4810fe79363d196b87a73333d37d3baad6c04f49 / 3e5959b3457f7f1856d997261e6ac672bba49e8b
+CVE-2021-38114, 796a84fd047099ba25329ee2c420d11709ebe8b1 / 7150f9575671f898382c370acae35f9087a30ba1
+CVE-2021-38171, 5976047ae0227fe4fdaea6b7d1bf6eb671984da6 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+CVE-2021-38291, d17624507ac5c2622fa8de74d213d8ba3df6387c / e01d306c647b5827102260b885faa223b646d2d1, ticket/9312
+</pre>
+
<h3>4.2.4</h3>
<p>
Fixes following vulnerabilities:
@@ -114,6 +162,40 @@ CVE-2019-1000016, b97a4b658814b2de8b9f2a3bce491c002d34de31
<h2>FFmpeg 4.1</h2>
+<h3>4.1.8</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-21041, e06e89f6275c62316da489c567fce3d2ef6f594a / 5d9f44da460f781a1604d537d0555b78e29438ba, ticket/7989
+CVE-2020-22017, aef4cbec696ae4e349a72521fba1180b96a97fab / d4d6b7b0355f3597cad3b8d12911790c73b5f96d, ticket/8309
+CVE-2020-22020, d60effdf83eddcdb18c84d339a526fb0318723fe / ce5274c1385d55892a692998923802023526b765, ticket/8239
+CVE-2020-22022, c79606f233fed20a6d31e6cd5f24466021eaf94b / 07050d7bdc32d82e53ee5bb727f5882323d00dba, ticket/8264
+CVE-2020-22023, 69f5d4b7fdcb93c2948255193870f5ea7605028c / 0b567238741854b41f84f7457686b044eadfe29c, ticket/8244
+CVE-2020-22026, 3a9f384225cb6e5720d36d0b01dd446cfd6f1772 / 58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144, ticket/8317
+CVE-2020-22027, f5da6cff3504978bf6e713996988dcef0691d800 / e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c, ticket/8242
+CVE-2020-22028, 01f3824f6c46ef19025059752a4381daa2443097 / f069a9c2a65bc20c3462127623127df6dfd06c5b, ticket/8274
+CVE-2020-22029, 29f1cf0c0f5d90e81a438dc12a4782dc424bf5ec / a7fd1279703683ebb548ef7baa2f1519994496ae, ticket/8250
+CVE-2020-22030, df5e01770900f11eec0c500ccbaddcc6a9d0963d / e1b89c76f66343d1b495165664647317c66764bb, ticket/8276
+CVE-2020-22031, da3d6068f3fbbe89c57b6c68c178a54dee168d95 / 0e68e8c93f9068596484ec8ba725586860e06fc8, ticket/8243
+CVE-2020-22032, ac5a7d5a67afb6b26460412d51f026ecf22c2193 / de598f82f8c3f8000e1948548e8088148e2b1f44, ticket/8275
+CVE-2020-22034, f1fc3fe3179109328229421451e3219de1ab9521 / 1331e001796c656a4a3c770a16121c15ec1db2ac, ticket/8236
+CVE-2020-22035, 8c9ff740a35d6f46935f70e4a9533dddaaf33788 / 0749082eb93ea02fa4b770da86597450cec84054, ticket/8262
+CVE-2020-22036, d7490ef341e253294aa0abf1e4ed8381c1b0ea91 / 8c3166e1c302c3ba80d9742ae46161c0fa8e2606, ticket/8261
+</pre>
+
+<h3>4.1.7</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-22037, 51292064a2ce71b2adfc090ed7302b0ed3f0eab9 / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-35965, 40f056abed4e0b0bc8e037da8b56bcb93d5660f2 / 3e5959b3457f7f1856d997261e6ac672bba49e8b
+CVE-2021-38114, ff3ae6999959150ef488b170bbcc2fb6610b3572 / 7150f9575671f898382c370acae35f9087a30ba1
+CVE-2021-38171, db3dd0545cdf690ee22f8b9807096d580bb8eb24 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+CVE-2021-38291, dfb9a3f7f3ca35eb2dbedb79d117bf14a796e709 / e01d306c647b5827102260b885faa223b646d2d1, ticket/9312
+</pre>
+
<h3>4.1.6</h3>
<p>
Fixes following vulnerabilities:
@@ -279,6 +361,18 @@ CVE-2018-10001, 47b7c68ae54560e2308bdb6be4fb076c73b93081
<h2>FFmpeg 3.4</h2>
+<h3>3.4.9</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2020-22037, 071ecaddb9ce7a514f4fe8b0ab4bc363d4bb0a38 / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-35965, 00115573e3030eff57847e1045ec18f0da5adb5c / 3e5959b3457f7f1856d997261e6ac672bba49e8b
+CVE-2021-38114, e61b25e2557394e640a5aae901473785a4b23db5 / 7150f9575671f898382c370acae35f9087a30ba1
+CVE-2021-38171, bc9e0b6cd2839acbac8da3232d715eb66857e453 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+CVE-2021-38291, a4a3fd814aac900175ec4a2811cb5bf98c1ddad3 / e01d306c647b5827102260b885faa223b646d2d1, ticket/9312
+</pre>
+
<h3>3.4.8</h3>
<p>
Fixes following vulnerabilities:
@@ -495,6 +589,19 @@ CVE-2017-7866, e371f031b942d73e02c090170975561fabd5c264
<h2>FFmpeg 3.2</h2>
+<h3>3.2.16</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2019-17539, cb456b8fb00e04bedf117cb4b72c87a9c3db5145 / 8df6884832ec413cf032dfaa45c23b1c7876670c
+CVE-2020-22037, 492318cb65967ff220ad84d2034f78c24fbdda54 / 7bba0dd6382e30d646cb406034a66199e071d713, ticket/8281
+CVE-2020-35965, 30102ee94e7d37d0feb11351ee8b70c3f714af66 / 3e5959b3457f7f1856d997261e6ac672bba49e8b
+CVE-2021-38114, eeda5a1bd42320d227e52d8b05b37986d143cce3 / 7150f9575671f898382c370acae35f9087a30ba1
+CVE-2021-38171, 8028e18988445e13102d6f65b6f19b6805735698 / 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+CVE-2021-38291, 94551f3197a8570b13830f636c68f3507cd0bb7b / e01d306c647b5827102260b885faa223b646d2d1, ticket/9312
+</pre>
+
<h3>3.2.15</h3>
<p>
Fixes following vulnerabilities:
@@ -504,6 +611,7 @@ CVE-2019-13390, 9b236547f480a012cab32f8cad2dfe02774537c1 / aef24efb0c1e65097ab77
CVE-2019-17542, 039c13f109a46f8f65adfb65cafa8bdb7123a2a7 / 02f909dc24b1f05cfbba75077c7707b905e63cd2
CVE-2020-13904, 8a2ef6d25dc79d472ea7b184c3b95b4658c99838 / b5e39880fb7269b1b3577cee288e06aa3dc1dfa2
CVE-2020-13904, f80106e256e051082e507496cdaed564adbd4da9 / 9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
+CVE-2020-20448, e0983daf05d6c2f53a850619461e74a7392d9bd8 / 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990
</pre>
<h3>3.2.14</h3>
commit 351690137ecb76e7732f77184df4f593bc5159c0
Author: Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Sun Oct 24 23:26:04 2021 +0200
Commit: Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Sun Oct 24 23:26:04 2021 +0200
web/download: Add FFmpeg 4.4.1
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
diff --git a/src/download b/src/download
index 269abcd..b723674 100644
--- a/src/download
+++ b/src/download
@@ -304,10 +304,10 @@ gpg: Good signature from "FFmpeg release signing key <ffmpeg-devel at ffmpeg.org
and much faster bug fixes such as additional features and security patches.
</p>
- <h3 id="release_4.4">FFmpeg 4.4 "Rao"</h3>
+ <h3 id="release_4.4">FFmpeg 4.4.1 "Rao"</h3>
<p>
- 4.4 was released on 2021-04-08. It is the latest stable FFmpeg release
+ 4.4.1 was released on 2021-10-24. It is the latest stable FFmpeg release
from the 4.4 release branch, which was cut from master on 2021-04-08.
</p>
<p>It includes the following library versions:
@@ -323,19 +323,19 @@ libswresample 3. 9.100
libpostproc 55. 9.100</pre>
<div class="row">
<div class="col-md-3">
- <a class="btn btn-success" href="releases/ffmpeg-4.4.tar.xz">Download xz tarball</a>
- <small><a href="releases/ffmpeg-4.4.tar.xz.asc">PGP signature</a></small>
+ <a class="btn btn-success" href="releases/ffmpeg-4.4.1.tar.xz">Download xz tarball</a>
+ <small><a href="releases/ffmpeg-4.4.1.tar.xz.asc">PGP signature</a></small>
</div> <!-- col -->
<div class="col-md-3">
- <a class="btn btn-success" href="releases/ffmpeg-4.4.tar.bz2">Download bzip2 tarball</a>
- <small><a href="releases/ffmpeg-4.4.tar.bz2.asc">PGP signature</a></small>
+ <a class="btn btn-success" href="releases/ffmpeg-4.4.1.tar.bz2">Download bzip2 tarball</a>
+ <small><a href="releases/ffmpeg-4.4.1.tar.bz2.asc">PGP signature</a></small>
</div> <!-- col -->
<div class="col-md-3">
- <a class="btn btn-success" href="releases/ffmpeg-4.4.tar.gz">Download gzip tarball</a>
- <small><a href="releases/ffmpeg-4.4.tar.gz.asc">PGP signature</a></small>
+ <a class="btn btn-success" href="releases/ffmpeg-4.4.1.tar.gz">Download gzip tarball</a>
+ <small><a href="releases/ffmpeg-4.4.1.tar.gz.asc">PGP signature</a></small>
</div> <!-- col -->
<div class="col-md-3 text-right">
- <small><a href="https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.4">Changelog</a></small>
+ <small><a href="https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.4.1">Changelog</a></small>
<a class="btn btn-success" href="https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/4.4:/RELEASE_NOTES">Release Notes</a>
</div> <!-- col -->
</div> <!-- row -->
-----------------------------------------------------------------------
Summary of changes:
src/download | 18 +++++-----
src/security | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 117 insertions(+), 9 deletions(-)
hooks/post-receive
--
More information about the ffmpeg-cvslog
mailing list