-------------------------------------------------------------------------
Debian LTS Advisory DLA-2537-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Roberto C. Sánchez
January 31, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ffmpeg
Version        : 7:3.2.15-0+deb9u2
CVE ID         : CVE-2019-17539 CVE-2020-35965
Debian Bug     : 979999

Two vulnerabilities have been discovered in ffmpeg, a widely used
multimedia framework.

CVE-2019-17539

    a NULL pointer dereference and possibly unspecified other impact
    when there is no valid close function pointer

CVE-2020-35965

    an out-of-bounds write because of errors in calculations of when to
    perform memset zero operations

For Debian 9 stretch, these problems have been fixed in version
7:3.2.15-0+deb9u2.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS