From patchwork Wed Apr 17 20:37:03 2019
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 12785
From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Wed, 17 Apr 2019 22:37:03 +0200 Message-Id: <20190417203703.21351-2-michael@niedermayer.cc> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190417203703.21351-1-michael@niedermayer.cc> References: <20190417203703.21351-1-michael@niedermayer.cc> MIME-Version: 1.0 X-CMAE-Envelope: MS4wfOPsBNJ9Qy/MgmapRFddRBPh6hs+QzOx5sKi4ZUOSpvU0rEztnhq/QUBkDTgX/wQ3nxCMvkPDwdUYlKbkJOoiEEgPbxN3pUbdYVjoDP1SMcvpTnRATRt gW8hSX+e3fuoctyuS2UuDr5n+W6SGK7mGxUVgeCNzf+9izgim+FwP5WO Subject: [FFmpeg-devel] [PATCH 2/2] web/security: add some missing CVEs X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" --- src/security | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/security b/src/security index b6239bf..9175aba 100644 --- a/src/security +++ b/src/security @@ -12,6 +12,14 @@ CVE-2019-9718, cc5361ed18ab0f69cfbead7afc88fb81ed4b36ae / 1f00c97bc3475c477f3c46 CVE-2019-9721, f7f3937494f6734d27fc3d0081c9c7a9a19614a8 / 894995c41e0795c7a44f81adc4838dedc3932e65 +

4.1.1

+

+Fixes following vulnerabilities: +

+
+CVE-2019-1000016, b420f23566825192c3fc1f46fce24d19ffc1d72e / b97a4b658814b2de8b9f2a3bce491c002d34de31
+
+

4.1

Fixes following vulnerabilities: @@ -29,6 +37,12 @@ CVE-2018-13305, d08d4a8c7387e758d439b0592782e4cfa2b4d6a4 CVE-2018-14394, 3a2d21bc5f97aa0161db3ae731fc2732be6108b8 CVE-2018-14395, fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582 CVE-2018-15822, 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 +CVE-2018-1999010, cced03dd667a5df6df8fd40d8de0bff477ee02e8 +CVE-2018-1999011, 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 +CVE-2018-1999012, 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 +CVE-2018-1999013, a7e032a277452366771951e29fd0bf2bd5c029f0 +CVE-2018-1999014, bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 +CVE-2018-1999015, 5aba5b89d0b1d73164d3b81764828bb8b20ff32a

FFmpeg 4.0

@@ -62,6 +76,12 @@ CVE-2018-13303, 0003ace83b18f68c981c8ad401bee75315edf9f5 / 00e8181bd97c834fe6075 CVE-2018-13304, 5fd1dce39a70340b9fd508154e48985902602e25 / bd27a9364ca274ca97f1df6d984e88a0700fb235 CVE-2018-14394, 0981dfee7d413ec6f30f00ddb109e3959c05bebd / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8 CVE-2018-14395, fd53179f4a71e0acd807bdfff112a55e204fa4ba / fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582 +CVE-2018-1999010, 6d992a51c75aafba6e21bff95cddae9d717bc7e3 / cced03dd667a5df6df8fd40d8de0bff477ee02e8 +CVE-2018-1999011, a21703ca5d42e91b3a218e755020e90ef3af2eae / 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 +CVE-2018-1999012, 6f4b82cc3a879f5d3f9a4738bfd7d93757221958 / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 +CVE-2018-1999013, 37f505cc853f592d93b6285c8a91eece2e5b8b07 / a7e032a277452366771951e29fd0bf2bd5c029f0 +CVE-2018-1999014, a28ab09e2a2ac3fcc61e77ff5d702d9157eb37bc / bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 +CVE-2018-1999015, 4439d6aa6956453f6f5479020ee71baebbec4287 / 5aba5b89d0b1d73164d3b81764828bb8b20ff32a

4.0.1

@@ -82,6 +102,7 @@ Fixes following vulnerabilities: CVE-2018-6912, 76cc0f0f673353cd4746cd3b83838ae335e5d9ed CVE-2018-7751, a6cba062051f345e8ebfdff34aba071ed73d923f CVE-2018-7557, 7414d0bda7763f9bd69c26c068e482ab297c1c96 +CVE-2018-9841, 35eeff30caf34df835206f1c12bcf4b7c2bd6758 CVE-2018-10001, 47b7c68ae54560e2308bdb6be4fb076c73b93081 @@ -119,11 +140,16 @@ Fixes following vulnerabilities:
 CVE-2018-7557,  ae49cc73f265a155e5c4b1715570aab3d9741b4d / 7414d0bda7763f9bd69c26c068e482ab297c1c96
 CVE-2018-7751,  3fa6e594a0f2575ddb6b2183961fde42ab5ab37b / a6cba062051f345e8ebfdff34aba071ed73d923f
+CVE-2018-9841,  43916494f8cac6ed294309e70de346e309d51058 / 35eeff30caf34df835206f1c12bcf4b7c2bd6758
 CVE-2018-10001, 51035698bde9c13da7eedc1f6eb47d190bbc949d / 47b7c68ae54560e2308bdb6be4fb076c73b93081
 CVE-2018-12458, bd1fd3ff4b0437153a6c4717f59ce31a7bba8ca0 / e1182fac1afba92a4975917823a5f644bee7e6e8
 CVE-2018-13300, 3a04f518ac283194bb13d8aff7d9fa963d551547 / 95556e27e2c1d56d9e18f5db34d6f756f3011148
 CVE-2018-13302, 36c779bffe2ceef48a0fa4d7a6691c6895faf9e2 / ed22dc22216f74c75ee7901f82649e1ff725ba50
 CVE-2018-14394, 20ad61ffb7b0fc72d17b5c21035eb85a698ac64b / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
+CVE-2018-1999010, 5da77e7e9e91a1f2a6b80f64f4202c0a4534e307 / cced03dd667a5df6df8fd40d8de0bff477ee02e8
+CVE-2018-1999011, 9dea41eac7229688e566a4a3e3f8251acf7ab97c / 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
+CVE-2018-1999012, 717ece29fd497500ef0315d1841fa7bd0640f53c / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
+CVE-2018-1999013, 09401d0a0abec4d1db395af3ddb2c610c5b51153 / a7e032a277452366771951e29fd0bf2bd5c029f0
 

3.4.2

@@ -174,6 +200,9 @@ CVE-2018-13300, 672ada0f179b3ef45e52987d8c96716d23aa0722 / 95556e27e2c1d56d9e18f CVE-2018-13302, 78b1fbca3404459dcf8a1c34b5c7f9a5825ad61f / ed22dc22216f74c75ee7901f82649e1ff725ba50 CVE-2018-14394, 6a0a16e563f07722acd4b666b2c501e186e9fa4b / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8 CVE-2018-14395, 87ddf73e52b412ee015108ec2f1aaac7a05c947f / fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582 +CVE-2018-1999012, 9bb3047060c33e93ace258634aa89ee1705ec0c3 / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 +CVE-2018-1999013, 34654d41d4bd9abb3b848477a6dd0a7d33816d4e / a7e032a277452366771951e29fd0bf2bd5c029f0 +CVE-2018-1999010, 4d77a4a54d2f5c34a9cc7d3b3424d16e24515a0f / cced03dd667a5df6df8fd40d8de0bff477ee02e8

3.3.7

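Review bot: The three added lines in this hunk are out of numeric order: CVE-2018-1999010 is listed after CVE-2018-1999012 and CVE-2018-1999013, while the context lines above them (CVE-2018-13300 through CVE-2018-14395) are sorted and every other hunk in this patch that adds CVE-2018-1999010 puts it first. Move the CVE-2018-1999010 line above CVE-2018-1999012 so the section stays sorted by CVE number like the rest of the file.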
@@ -184,6 +213,7 @@ Fixes following vulnerabilities: CVE-2018-6621, 0322f781777d4413bd57815ee9b5a7d6a0cfe716 / 118e1b0b3370dd1c0da442901b486689efd1654b CVE-2018-6392, d74839d793ebf8c6c7c4a2a8a22ae2bd695d2c41 / 3f621455d62e46745453568d915badd5b1e5bcd5 CVE-2018-7557, bafb13dc0fd60f49f613bf4c52ce88b91176755c / 7414d0bda7763f9bd69c26c068e482ab297c1c96 +CVE-2018-9841, 49336482fd04541623e9418264644dd80640dbfe / 35eeff30caf34df835206f1c12bcf4b7c2bd6758 CVE-2018-10001,15d4dc0da1e9f2450b5f9e748e1704fc0e6ef3a4 / 47b7c68ae54560e2308bdb6be4fb076c73b93081 @@ -279,6 +309,7 @@ Fixes following vulnerabilities:

 CVE-2018-15822, 1b283238226bf2ff1f328ab4811375240224b346 / 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
+CVE-2018-1999011, 67149cb2f68e3e96cd75804d83827ccd03386695 / 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
 

3.2.12

@@ -302,6 +333,9 @@ CVE-2018-12458, d6f8960812b0a4ceac299a9000a1e921c74e431a / e1182fac1afba92a49759 CVE-2018-13300, e6d3fd942f772f54ab6a5ca619cdaadef26b7702 / 95556e27e2c1d56d9e18f5db34d6f756f3011148 CVE-2018-13302, 92972f19168f323cfe133a42abf130a5f159bfd6 / ed22dc22216f74c75ee7901f82649e1ff725ba50 CVE-2018-14394, 3571bec56eb302dfe01732cc0cdcf75b35ae8211 / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8 +CVE-2018-1999010, f65d6ff9ab06e2f4036a7e0f71072a216e66d239 / cced03dd667a5df6df8fd40d8de0bff477ee02e8 +CVE-2018-1999012, e82a06d2bef568124860090e2ec0b0de887c40a1 / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 +CVE-2018-1999013, 4a42353c7a0c906a38c7cfc2fe29c0242a2c2231 / a7e032a277452366771951e29fd0bf2bd5c029f0

3.2.10

@@ -555,6 +589,19 @@ CVE-2017-1000460, 641dccc2aa5e0bf6b3c06998f9a7f24a5cf725e7

FFmpeg 3.0

+

3.0.12

+

+Fixes following vulnerabilities: +

+
+CVE-2018-12458, 0d585110131186b47c092b683c7758922576ae61 / e1182fac1afba92a4975917823a5f644bee7e6e8
+CVE-2018-13302, 469503ac1de315a9288e333dbfc0896e3027227c / ed22dc22216f74c75ee7901f82649e1ff725ba50
+CVE-2018-14394, 790e6fead0785831e2273ad1b425a63c6b64aef3 / 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
+CVE-2018-1999010, 94edbf464c007a76115cec61657d1e6accdaf8ca / cced03dd667a5df6df8fd40d8de0bff477ee02e8
+CVE-2018-1999012, 6cadf46dff14139ff2e5cf3276eb3ad58fb080e1 / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
+CVE-2018-1999013, ee8c6566e2abd9ae46976dba9873ecd9bb24001f / a7e032a277452366771951e29fd0bf2bd5c029f0
+
+

3.0.11

Fixes following vulnerabilities: @@ -675,6 +722,8 @@ Fixes following vulnerabilities: CVE-2018-7557, e724bd1dd9efea3abb8586d6644ec07694afceae / 7414d0bda7763f9bd69c26c068e482ab297c1c96 CVE-2018-12458, 6bbef938839adc55e8e048bc9cc2e0fafe2064df / e1182fac1afba92a4975917823a5f644bee7e6e8 CVE-2018-13302, a80b8a01cc934b3417cea5c50a9f607d77f223ec / ed22dc22216f74c75ee7901f82649e1ff725ba50 +CVE-2018-1999010, feb31c7ade15719d292c20da60763173e2ba3991 / cced03dd667a5df6df8fd40d8de0bff477ee02e8 +CVE-2018-1999012, c75b8c9733efce84304a2dcec1bbfe806ab2e90f / 9807d3976be0e92e4ece3b4b1701be894cd7c2e1

2.8.14
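Review bot: The last hunk's additions stop at CVE-2018-1999010 and CVE-2018-1999012, with no CVE-2018-14394 or CVE-2018-1999013 entry in this section, although the 3.0.12 section added in the previous hunk carries both. That may simply mean those fixes were not backported to this branch, but the commit message has only the subject line "add some missing CVEs" and gives no source for the CVE-to-commit mapping. Please add a sentence to the commit message saying how the backport hashes were collected (for example, from the release branches' commit logs), so a reader can tell an intentional omission from a missed entry.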