ffmpeg - Debian Package Tracker

general

source: ffmpeg (main)
version: 7:4.3.2-0+deb11u2
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Balint Reczey [DMD] – James Cowgill [DMD] – Andreas Cadhalpun [DMD] – Alexander Strasser [DMD] – Reinhard Tartler [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 7:3.2.14-1~deb9u1
old-sec: 7:3.2.15-0+deb9u2
stable: 7:4.1.6-1~deb10u1
stable-sec: 7:4.1.6-1~deb10u1
testing: 7:4.3.2-0+deb11u2
unstable: 7:4.3.2-0+deb11u2
exp: 7:4.4-1

versioned links

7:3.2.14-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:3.2.15-0+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.1.6-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.3.2-0+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.3.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ffmpeg (11 bugs: 0, 6, 5, 0)
ffmpeg-doc (1 bugs: 0, 0, 1, 0)
libavcodec-dev
libavcodec-extra
libavcodec-extra58
libavcodec58
libavdevice-dev
libavdevice58
libavfilter-dev
libavfilter-extra
libavfilter-extra7
libavfilter7
libavformat-dev (2 bugs: 0, 1, 1, 0)
libavformat58
libavresample-dev
libavresample4
libavutil-dev
libavutil56
libpostproc-dev
libpostproc55
libswresample-dev
libswresample3 (1 bugs: 0, 0, 1, 0)
libswscale-dev
libswscale5

action needed

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:07:52
Last run: 2020-05-17 07:09:22 UTC
Previous status: pass

testing: pass (log)
The tests ran in 0:33:59
Last run: 2021-06-16 02:50:30 UTC
Previous status: pass

stable: fail (log)
The tests ran in 0:09:13
Last run: 2021-06-07 07:40:19 UTC
Previous status: fail

Created: 2020-09-08 Last update: 2021-06-17 02:08

A new upstream version is available: 4.4 high

A new upstream version 4.4 is available, you should consider packaging it.

Created: 2021-04-11 Last update: 2021-06-17 01:56

21 security issues in stretch high

There are 21 open security issues in stretch.

18 important issues:

CVE-2020-22016: A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
CVE-2020-22017: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22019: Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22021: Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22022: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22023: A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22025: A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22026: Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22027: A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22028: Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
CVE-2020-22029: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
CVE-2020-22030: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
CVE-2020-22031: A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
CVE-2020-22032: A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
CVE-2020-22033: A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22034: A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22035: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22036: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.

2 issues postponed or untriaged:

CVE-2020-21041: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service
CVE-2020-22020: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.

1 ignored issue:

CVE-2020-22015: Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.

Created: 2021-06-01 Last update: 2021-06-10 16:58

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2021-03-14 Last update: 2021-06-17 03:30

Depends on packages which need a new maintainer normal

The packages that ffmpeg depends on which need a new maintainer are:

libiec61883 (#826285)
- Build-Depends: libiec61883-dev
- Depends: libiec61883-0
srt (#964904)
- Build-Depends: libsrt-gnutls-dev
- Depends: libsrt1.4-gnutls
zvbi (#951284)
- Build-Depends: libzvbi-dev
- Depends: libzvbi0 libzvbi0

Created: 2019-11-22 Last update: 2021-06-17 00:33

23 low-priority security issues in buster low

There are 23 open security issues in buster.

22 issues left for the package maintainer to handle:

CVE-2020-21041: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service
CVE-2020-22016: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
CVE-2020-22017: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22019: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22020: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22021: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22022: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22023: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22025: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22026: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22027: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22028: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
CVE-2020-22029: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
CVE-2020-22030: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
CVE-2020-22031: (postponed; to be fixed through a stable update) A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
CVE-2020-22032: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
CVE-2020-22033: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22034: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22035: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
CVE-2020-22036: (postponed; to be fixed through a stable update) A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
CVE-2020-35964: (postponed; to be fixed through a stable update) track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
CVE-2020-35965: (postponed; to be fixed through a stable update) decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:

CVE-2020-22015: Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.

Created: 2021-02-19 Last update: 2021-06-10 16:58

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-06-10 Last update: 2020-06-10 21:34

testing migrations

This package will soon be part of the auto-dav1d transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-ffmpeg transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-lensfun transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-06-11] ffmpeg 7:4.3.2-0+deb11u2 MIGRATED to testing (Debian testing watch)
[2021-06-04] Accepted ffmpeg 7:4.3.2-0+deb11u2 (source) into unstable (Sebastian Ramacher)
[2021-04-11] Accepted ffmpeg 7:4.4-1 (source) into experimental (Sebastian Ramacher)
[2021-03-04] ffmpeg 7:4.3.2-0+deb11u1 MIGRATED to testing (Debian testing watch)
[2021-02-28] Accepted ffmpeg 7:4.3.2-2 (source) into experimental (Sebastian Ramacher)
[2021-02-27] Accepted ffmpeg 7:4.3.2-1 (all amd64 source) into experimental, experimental (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2021-02-27] Accepted ffmpeg 7:4.3.1-9 (all amd64 source) into experimental, experimental (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2021-02-21] Accepted ffmpeg 7:4.3.2-0+deb11u1 (source) into unstable (Sebastian Ramacher)
[2021-01-31] Accepted ffmpeg 7:3.2.15-0+deb9u2 (source) into oldstable (Roberto C. Sanchez)
[2021-01-29] ffmpeg 7:4.3.1-8 MIGRATED to testing (Debian testing watch)
[2021-01-26] Accepted ffmpeg 7:4.3.1-8 (source) into unstable (Sebastian Ramacher)
[2021-01-25] ffmpeg 7:4.3.1-7 MIGRATED to testing (Debian testing watch)
[2021-01-25] ffmpeg 7:4.3.1-7 MIGRATED to testing (Debian testing watch)
[2021-01-19] Accepted ffmpeg 7:4.3.1-7 (source) into unstable (Sebastian Ramacher)
[2021-01-16] ffmpeg 7:4.3.1-6 MIGRATED to testing (Debian testing watch)
[2021-01-16] ffmpeg 7:4.3.1-6 MIGRATED to testing (Debian testing watch)
[2021-01-12] Accepted ffmpeg 7:4.3.1-6 (source) into unstable (Sebastian Ramacher)
[2020-10-27] ffmpeg 7:4.3.1-5 MIGRATED to testing (Debian testing watch)
[2020-10-25] Accepted ffmpeg 7:4.3.1-5 (source) into unstable (Sebastian Ramacher)
[2020-09-25] ffmpeg 7:4.3.1-4 MIGRATED to testing (Debian testing watch)
[2020-09-22] Accepted ffmpeg 7:4.3.1-4 (source) into unstable (Sebastian Ramacher)
[2020-09-18] ffmpeg 7:4.3.1-3 MIGRATED to testing (Debian testing watch)
[2020-09-18] ffmpeg 7:4.3.1-3 MIGRATED to testing (Debian testing watch)
[2020-09-12] Accepted ffmpeg 7:4.3.1-3 (source) into unstable (Sebastian Ramacher)
[2020-08-18] ffmpeg 7:4.3.1-2 MIGRATED to testing (Debian testing watch)
[2020-08-15] Accepted ffmpeg 7:4.3.1-2 (source) into unstable (Jonas Smedegaard)
[2020-08-07] ffmpeg 7:4.3.1-1 MIGRATED to testing (Debian testing watch)
[2020-08-04] Accepted ffmpeg 7:4.3.1-1 (source) into unstable (Jonas Smedegaard)
[2020-07-27] Accepted ffmpeg 7:3.2.15-0+deb9u1 (source) into oldstable (Adrian Bunk)
[2020-07-13] ffmpeg 7:4.3-3 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 16 19
RC: 0
I&N: 8 10
M&W: 8 9
F&P: 0
patch: 1

links

homepage
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7:4.3.2-0+deb11u2ubuntu1
8 bugs
patches for 7:4.3.2-0+deb11u2ubuntu1