Hello, I am working on back-porting some of the CVE fixes for FFmpeg to oe-core.
As there are 36 CVEs to patch (6 patches for master and hardknott and an additional 5 for hardknott), I have attached a list of recent CVEs in FFmpeg so we can avoid duplicating work.
I have also included the patch/fix commit hashes for the patching commits and branches/tags that are safe.
Please reply here if you are going to work on any of these ffmpeg CVEs. Thanks, Tony
Summary,Ticket,Fix/patch commit,Fixed in branches,Fixed in tags,Vulnerable versions Security Advisory - ffmpeg - CVE-2020-22021,https://trac.ffmpeg.org/ticket/8240,7971f62120a55c141ec437aa3f0bacc1c1a3526b, remotes/origin/master,NONE,all Security Advisory - ffmpeg - CVE-2020-22024,https://trac.ffmpeg.org/ticket/8310,723d69f99cd26db9687ed2d24d06afaff624daf3,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-20448,https://trac.ffmpeg.org/ticket/7990,8802e329c8317ca5ceb929df48a23eb0f9e852b2,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22022,https://trac.ffmpeg.org/ticket/8264,07050d7bdc32d82e53ee5bb727f5882323d00dba,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22033,"Duplicate of CVE-2020-22019 https://trac.ffmpeg.org/ticket/8246",82ad1b76751bcfad5005440db48c46a4de5d6f02, remotes/origin/master ,NONE,all Security Advisory - ffmpeg - CVE-2020-22035,https://trac.ffmpeg.org/ticket/8262,0749082eb93ea02fa4b770da86597450cec84054,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22034,https://trac.ffmpeg.org/ticket/8236,1331e001796c656a4a3c770a16121c15ec1db2ac,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22044,https://trac.ffmpeg.org/ticket/8295,1d479300cbe0522c233b7d51148aea2b29bd29ad,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-20445,"https://trac.ffmpeg.org/ticket/7996 Closed as duplicate of: https://trac.ffmpeg.org/ticket/7980","E4fdeb3fcefeb98f2225f7ccded156fb175959c5 def04022f4a7058f99e669bfd978d431d79aec18 ea56af88956061d700043c5c4b026ac57834b0c8"," remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22036,https://trac.ffmpeg.org/ticket/8261,8c3166e1c302c3ba80d9742ae46161c0fa8e2606,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-20453,https://trac.ffmpeg.org/ticket/8003,a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8, remotes/origin/master,NONE,all Security Advisory - ffmpeg - CVE-2020-20450,https://trac.ffmpeg.org/ticket/7993,5400e4a50c61e53e1bc50b3e77201649bbe9c510,"; remotes/origin/master remotes/origin/release/4.4","n4.4 n4.5-dev",4.3 and below Security Advisory - ffmpeg - CVE-2020-22037,https://trac.ffmpeg.org/ticket/8281,open,,, Security Advisory - ffmpeg - CVE-2020-21041,https://trac.ffmpeg.org/ticket/7989,5d9f44da460f781a1604d537d0555b78e29438ba,"; remotes/origin/master remotes/origin/release/4.4","n4.4 n4.5-dev",4.3 and below Security Advisory - ffmpeg - CVE-2020-22042,https://trac.ffmpeg.org/ticket/8267,426c16d61a9b5056a157a1a2a057a4e4d13eef84,"; remotes/origin/master remotes/origin/release/4.4","n4.4 n4.5-dev",4.3 and below Security Advisory - ffmpeg - CVE-2020-22030,https://trac.ffmpeg.org/ticket/8276,e1b89c76f66343d1b495165664647317c66764bb,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22016,https://trac.ffmpeg.org/ticket/8183,58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22031,https://trac.ffmpeg.org/ticket/8243,0e68e8c93f9068596484ec8ba725586860e06fc8,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22041,https://trac.ffmpeg.org/ticket/8296,3488e0977c671568731afa12b811adce9d4d807f,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22039,https://trac.ffmpeg.org/ticket/8302,a581bb66ea5eb981e2e498ca301df7d1ef15a6a3,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22023,https://trac.ffmpeg.org/ticket/8244,0b567238741854b41f84f7457686b044eadfe29c,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22026,https://trac.ffmpeg.org/ticket/8317,58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22019,"Duplicate of CVE-2020-22033 https://trac.ffmpeg.org/ticket/8241",82ad1b76751bcfad5005440db48c46a4de5d6f02, remotes/origin/master ,NONE,all Security Advisory - ffmpeg - CVE-2020-20446,https://trac.ffmpeg.org/ticket/7995,223b5e8ac9f6461bb13ed365419ec485c5b2b002, remotes/origin/master,NONE,all Security Advisory - ffmpeg - CVE-2020-20451,https://trac.ffmpeg.org/ticket/8094,21265f42ecb265debe9fec1dbfd0cb7de5a8aefb,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22017,https://trac.ffmpeg.org/ticket/8309,d4d6b7b0355f3597cad3b8d12911790c73b5f96d,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22020,https://trac.ffmpeg.org/ticket/8239,ce5274c1385d55892a692998923802023526b765,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22038,https://trac.ffmpeg.org/ticket/8285,7c32e9cf93b712f8463573a59ed4e98fd10fa013,"; remotes/origin/master remotes/origin/release/4.4","n4.4 n4.5-dev",4.3 and below Security Advisory - ffmpeg - CVE-2020-22028,https://trac.ffmpeg.org/ticket/8274,f069a9c2a65bc20c3462127623127df6dfd06c5b,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22043,https://trac.ffmpeg.org/ticket/8284,b288a7eb3d963a175e177b6219c8271076ee8590,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22029,https://trac.ffmpeg.org/ticket/8250,a7fd1279703683ebb548ef7baa2f1519994496ae,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-24020,https://trac.ffmpeg.org/ticket/8718,584f396132aa19d21bb1e38ad9a5d428869290cb,"; remotes/origin/master remotes/origin/release/4.4","n4.4 n4.5-dev",4.3 and below Security Advisory - ffmpeg - CVE-2020-22040,https://trac.ffmpeg.org/ticket/8283,1a0c584abc9709b1d11dbafef05d22e0937d7d19,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg - CVE-2020-22015,https://trac.ffmpeg.org/ticket/8190,4c1afa292520329eecd1cc7631bc59a8cca95c46, remotes/origin/master,NONE,all Security Advisory - ffmpeg - CVE-2020-22032,https://trac.ffmpeg.org/ticket/8275,de598f82f8c3f8000e1948548e8088148e2b1f44,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below Security Advisory - ffmpeg – CVE-2020-22027,https://trac.ffmpeg.org/ticket/8242,e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c,"; remotes/origin/master remotes/origin/release/4.3 remotes/origin/release/4.4","n4.3 n4.3.1 n4.3.2 n4.4 n4.4-dev n4.5-dev",4.2 and below
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152999): https://lists.openembedded.org/g/openembedded-core/message/152999 Mute This Topic: https://lists.openembedded.org/mt/83566330/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
