[SECURITY] [DLA 3928-1] ffmpeg security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3928-1] ffmpeg security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Mon, 21 Oct 2024 16:51:04 +0200
Message-id: <[🔎] 20241021145104.2C0412A925E@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3928-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 21, 2024                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ffmpeg
Version        : 7:4.3.8-0+deb11u1
CVE ID         : CVE-2023-49502 CVE-2024-7055 CVE-2024-31578

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.

For Debian 11 bullseye, these problems have been fixed in version
7:4.3.8-0+deb11u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmcWalgACgkQnUbEiOQ2
gwLimg/+NZW+6+qQObotkI3OvJr64hlV8n4la9J+RUidUL0WonVD0U+2UYOG+685
I+GU14LVMfzxngaHjCHLY4LxZX7Bn9FgX6RYInVQayex/x3errQoA5yafWcdp+XJ
mWmMPmoN9wUPWry1bvijKUogyP3ZGPgtACDoXB/Mm4+ZPnZsv5qPZoxaR/UAb2aO
+v1eCBm89i92tMnSyvW9Ji88UqLO0ut4u8+MtfuP1FITB2MPKL6t6YSw9ogOb3Ra
ZyWWuM0dQ2M5WXqZzR5ZYTDvkizXI3t1C6K5MNWF072LrVshxlBWZmzuxeRUZ3RV
VCRK1iAtEbrB44zYKWMyMYHBXK1Ed2JTdxfcKGDqLcz7Q0K7SeU8A0+/iQLcZAqj
YjCaK6AriFFdDYRKHDtwZTwPfM6VGQIo1WrOIG2xIM4meA7CUAr+ofUJaswbVJsF
h8gOmkF6KXbpkk3b4RP3D8cA2317WS9BAIRJGKxrQ0+PCZTflvIwJdvTrvN1sD8Y
ctgBuyPI0JC14rOgtydQWo8t9pPK8MaogAMxo4ulM6fckvk//k9dabMNYMv7rnkL
kICFRl3JEZXePAl/JWC5XyyP7nqk9Lbd3PvdMkYxeVLMpkIq5V48rDD4t6I7EVAd
TSlX1QzTzg4dXJr9XMxpJIvieujj9nPhBt3dqKgUB0XlCNXrWlE=
=eIaZ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3927-1] openjdk-17 security update
Next by Date: [SECURITY] [DLA 3929-1] openjdk-11 security update
Previous by thread: [SECURITY] [DLA 3927-1] openjdk-17 security update
Next by thread: [SECURITY] [DLA 3929-1] openjdk-11 security update
Index(es):
- Date
- Thread