web/security: use same length git hash for CVE-2017-14171
[ffmpeg-web.git] / src / security
index 5e09fc0..3fe207a 100644 (file)
@@ -1,7 +1,353 @@
 <p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a></p>
 
+
+
+<h2>FFmpeg 3.3</h2>
+
+<h3>3.3.4</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-14054, 6bd562e04440c48eb79e24c36800791bbb1ba0b6 / 124eb202e70678539544f6268efc98131f19fa49
+CVE-2017-14055, e910f15fcbb709c4c7208737a6cc39185b41543b / 4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
+CVE-2017-14059, 4ff1fcd3caa2e59c3d4cec8e4c64c9ac79b09a1d / 7e80b63ecd259d69d383623e75b318bf2bd491f6
+CVE-2017-14058, 305f37e5be009c66e0af3064855c8509aafba719 / 7ec414892ddcad88313848494b6fc5f437c9ca4a
+CVE-2017-14057, 6447815dfbbe5036c7fa29d285b59896d76f4f9d / 7f9ec5593e04827249e7aeb466da06a98a0d7329
+CVE-2017-14225, 5474a7e93b8ea0be1157ac9cf93c1511eccae7b0 / 837cb4325b712ff1aab531bf41668933f61d75d2
+CVE-2017-14170, c01f799314c3254a98c415ccf99acd501bdbd9f2 / 900f39692ca0337a98a7cf047e4e2611071810c2
+CVE-2017-14056, 8cb0f2c4e55d1d8ba9dbc80dd19ad139d0200c2d / 96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
+CVE-2017-14222, d9cf9f5af82228b588828ae2692acccec588fdac / 9cb4eb772839c5e1de2855d126bf74ff16d13382
+CVE-2017-14169, 9d3a7c82a669a1a1c8e3904c65ded19e80d16edc / 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
+CVE-2017-14223, b61e5a878c845b8bee1267fdb75c293feb00ae0d / afc9c683ed9db01edb357bc8c19edad4282b3a97
+CVE-2017-14171, e6a8d110d7e8e938913a0a85ca933b415f8ed24d / c24bcb553650b91e9eff15ef6e54ca73de2453b7
+</pre>
+
+<h3>3.3.3</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9608, 0a709e2a10b8288a0cc383547924ecfe285cef89 / 611b35627488a8d0763e75c25ee0875c5b7987dd
+CVE-2017-11399, 0272afe70d6205caff05f3548da22a19f1eff9b1 / ba4beaf6149f7241c8bd85fe853318c2f6837ad0
+CVE-2017-11665, 0d2b67d17c9b5faec1ca223c91128b8de9eb299c / 08c073434e25cba8c43aae5ed9554fdd594adfb0
+CVE-2017-11665, 6de5ec8ef818774c58a1c4cd9548534be0e54ecc / ffcc82219cef0928bed2d558b19ef6ea35634130
+CVE-2017-11719, 47c0626ec721749b28df1c61c481e318e50058e4 / 296debd213bd6dce7647cedd34eb64e5b94cdc92
+</pre>
+
+<h3>3.3.2</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9993, 3dd1f38329e7bd7225445c92fc0019adc43899f4 / 189ff4219644532bdfa7bab28dfedaee4d6d4021
+CVE-2017-9993, 1998147f2ebcb0eff33438339b2051d159edb688 / a5d849b149ca67ced2d271dc84db0bc95a548abb
+</pre>
+
+<h3>3.3.1</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9990, 906f1f66a8208388262b4a3a1484b32c0510d9eb / cb243972b121b1ae6b60a78ff55a0506c69f3879
+CVE-2017-9991, edb8d29ca5fef83ab7a89f24fe23411c0f4f8f0d / 441026fcb13ac23aa10edc312bdacb6445a0ad06
+CVE-2017-9992, 7617b90f07053c806c3257a8985af5c236fd7b0b / f52fbf4f3ed02a7d872d8a102006f29b4421f360
+CVE-2017-9994, 924a2dd57a04792fae1dce1626fafb223fb97201 / 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
+CVE-2017-9995, 79f6a1b96ee20eec311e8c44c2bcd5f8fb49f55f / 7ac5067146613997bb38442cb022d7f41321a706
+CVE-2017-9995, d1dd90ae5425402fe176c2400351395b3165c309 / 2171dfae8c065878a2e130390eb78cf2947a5b69
+CVE-2017-9996, 973a66108b8e01ceb85cf2d6922a5cbb47f6a657 / e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
+CVE-2017-9996, a483e46b794539d21b1ec0f3e521f681a54a86d2 / 1e42736b95065c69a7481d0cf55247024f54b660
+</pre>
+
+
+<h2>FFmpeg 3.2</h2>
+
+<h3>3.2.7</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-11399, 5bb861d45b86803ec39295cfc04889d2a7138361 / ba4beaf6149f7241c8bd85fe853318c2f6837ad0
+CVE-2017-11665, f2a6f41dd7b962e0dd24fe695b002532a42e2230 / 08c073434e25cba8c43aae5ed9554fdd594adfb0
+CVE-2017-11665, b375cc8bb74a33a7b38175023ee337b1c378281f / ffcc82219cef0928bed2d558b19ef6ea35634130
+CVE-2017-11719, 6a10b962e3053b9fc851fcce23a60ac653abdc8c / 296debd213bd6dce7647cedd34eb64e5b94cdc92
+</pre>
+
+<h3>3.2.6</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9608, 31c1c0b46a7021802c3d1d18039fca30dba5a14e / 611b35627488a8d0763e75c25ee0875c5b7987dd
+CVE-2017-9993, 25dac3128b605f2867e3e0f0288b896f84d3a033 / 189ff4219644532bdfa7bab28dfedaee4d6d4021
+CVE-2017-9993, 5415c88e370692a3cf10b998ab230b4a02fc237f / a5d849b149ca67ced2d271dc84db0bc95a548abb
+</pre>
+
+<h3>3.2.5</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9991, 85c8c0c826e78d159ea242ce64d7e8feeeeca741 / 441026fcb13ac23aa10edc312bdacb6445a0ad06
+CVE-2017-9992, 536af4212100dee1577fe2d30814762c58038efc / f52fbf4f3ed02a7d872d8a102006f29b4421f360b
+CVE-2017-9994, 869e8b1d0f549e926ecb246f916c9066f881db4a / 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
+CVE-2017-9996, 7a69c1b2abfa96f0578cbd3ff82126b883ba6ef0 / e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
+CVE-2017-9996, 7f3a671ece8fd711e2ebc71a4e08cda591d810a8 / 1e42736b95065c69a7481d0cf55247024f54b660
+</pre>
+
+<h3>3.2.4</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-5024, ed2572b9c8f885e2a4764d2e34604442a71899a1 / 2d453188c2303da641dafb048dc1806790526dfd
+CVE-2017-5025, cf8e004a51b08c6e8ceaeebca85ab84c7ed0b4cf / fd30e4d57fe5841385f845440688505b88c0f4a9
+</pre>
+
+<h3>3.2.2</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-10190, 0e0a413725e0221e1a9d0b7595e22bf57e23a09c / 2a05c8f813de6f2278827734bf8102291e7484aa
+CVE-2016-10191, 32b95471a86ae383c0f76361d954aec511f7043a / 7d57ca4d9a75562fa32e40766211de150f8b3ee7
+CVE-2016-10192, c12ee64e80af2517005231388fdf4ea78f16bb0e / a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156B
+</pre>
+
+<h3>3.2</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-5199, 347cb14b7cba7560e53f4434b419b9d8800253e7
+CVE-2016-7122, e4e4a9cad7f21593d4bcb1f2404ea0d373c36c43
+CVE-2016-7450, a5af1240fce845f645440364c1335e0f8e44ee6c
+CVE-2016-7502, 0e318f110bcd6bb8e7de9127f2747272e60f48d7
+CVE-2016-7555, b98dafe04564d5fe3e5bf5073d871dd93a4a62de
+CVE-2016-7562, 69449da436169e7facaa6d1f3bcbc41cf6ce2754
+CVE-2016-7785, 14bac7e00d72eac687612d9b125e585011a56d4f
+CVE-2016-7905, 2679ad4773aa356e7c3da5c68bc81f02a194617f
+CVE-2016-8595, 987690799dd86433bf98b897aaa4c8d93ade646d
+</pre>
+
+
+<h2>FFmpeg 3.1</h2>
+
+<h3>3.1.10</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-11399, 750fec58e175b22ac23ff349c4b0a9b765ea4d0c / ba4beaf6149f7241c8bd85fe853318c2f6837ad0
+CVE-2017-11665, 06ce68d8a07d6365d67fdd8ed3c1e422f97a43fa / ffcc82219cef0928bed2d558b19ef6ea35634130
+CVE-2017-11665, 54a6c1368cdbb13eb0015433edca0d0fc9ea5dfb / 08c073434e25cba8c43aae5ed9554fdd594adfb0
+CVE-2017-11719, 956f2db21ffc1ca7f8dae7a3f44b09a145d9b9fa / 296debd213bd6dce7647cedd34eb64e5b94cdc92
+</pre>
+
+<h3>3.1.9</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9993, e0a3b8670d27863bfe6175b383918a5516a6bc42 / 189ff4219644532bdfa7bab28dfedaee4d6d4021
+CVE-2017-9993, 39c729c375a67eb87d420e2079a003af6f0c7bf2 / a5d849b149ca67ced2d271dc84db0bc95a548abb
+</pre>
+
+<h3>3.1.8</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9991, e2103ad36d4578cd5af091b7860e88999c49ac30 / 441026fcb13ac23aa10edc312bdacb6445a0ad06
+CVE-2017-9992, eb234fa89b945b67654af709f321cbcee9b8c982 / f52fbf4f3ed02a7d872d8a102006f29b4421f360
+CVE-2017-9994, 21b1dd8f74c94ec263b1c127863a8d0591c18b5e / 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
+CVE-2017-9996, 4f98b97b2ad1ea2244cd8f10758802d9bdc58e16 / 1e42736b95065c69a7481d0cf55247024f54b660
+CVE-2017-9996, 94029d7e179e4a87c30feea9dbd036646132e491 / e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
+</pre>
+
+<h3>3.1.7</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-5024, 02a5e88ebc725b09f675bfcbbd4db1133e41708e / 2d453188c2303da641dafb048dc1806790526dfd
+CVE-2017-5025, b6efd022b77349f2797afe756b791e82ec4a1d96 / fd30e4d57fe5841385f845440688505b88c0f4a
+</pre>
+
+<h3>3.1.6</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-10190, 18e3e322b36a85b6f69662e1d5fa7c245638ab86 / 2a05c8f813de6f2278827734bf8102291e7484aa
+CVE-2016-10191, b0ebef0578fd88fe3efd66086c43a5b43fbc9f6a / 7d57ca4d9a75562fa32e40766211de150f8b3ee7
+CVE-2016-10192, 37904d11779482f375b13da24f33f75daf13638f / a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
+</pre>
+
+<h3>3.1.5</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-8595, 08eef74a39d73bec80d4a12f0eaca6a3602a2024 / 987690799dd86433bf98b897aaa4c8d93ade646
+</pre>
+
+<h3>3.1.4</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-5199, 7a3dc2f7b6c2fbe62aeed7839e736db395a6f76a / 347cb14b7cba7560e53f4434b419b9d8800253e7
+CVE-2016-7122, ed38046c5c2e3b310980be32287179895c83e0d8 / e4e4a9cad7f21593d4bcb1f2404ea0d373c36c43
+CVE-2016-7450, ac8ac46641adef208485baebc3734463bf0bd266 / a5af1240fce845f645440364c1335e0f8e44ee6c
+CVE-2016-7502, 9d738e6968757d4e70c8e07e0b720ac0004accc4 / 0e318f110bcd6bb8e7de9127f2747272e60f48d7
+CVE-2016-7555, 8834e080c20d3d23c3ffe779371359f9b9b835ec / b98dafe04564d5fe3e5bf5073d871dd93a4a62de
+CVE-2016-7562, 496267f8e9ec218351e4359e1fde48722d4fc804 / 69449da436169e7facaa6d1f3bcbc41cf6ce2754
+CVE-2016-7785, c8c5f66b42edc37474baa5cb51460cbf6f33075b / 14bac7e00d72eac687612d9b125e585011a56d4f
+CVE-2016-7905, 622ccbd8ab894e3ac6cdf607e3d4f39e406786e9 / 2679ad4773aa356e7c3da5c68bc81f02a194617f
+</pre>
+
+<h3>3.1.3</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-6920, 79f52a0dbd484aad111e4bf4a4f7047c7ceb6137 / 01aee8148d4fa439cce678a11f5110656c98de1f
+CVE-2016-6881, 4770eac663da306fc8298ff8b73ebeabdc23489c / a453bbb68f3eec202673728988bba3bc76071761
+</pre>
+
+<h3>3.1.2</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-6671, 19d2921bbfec13c7a843bdbdb5687cf821b02cff / 6aa39080ccea2b60433e920417844c3a3c0da50b
+</pre>
+
+<h3>3.1.1</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-6164, 3e730278f5a8e5ec3f9593700488a940f38dfac1 / 8a3221cc67a516dfc1700bdae3566ec52c7ee823
+</pre>
+
+
+<h2>FFmpeg 3.0</h2>
+
+<h3>3.0.8</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9991, 9320f86494bfe31720b51184f49e46a2ae7220d2 / 441026fcb13ac23aa10edc312bdacb6445a0ad06
+CVE-2017-9992, c93df94fe30fb3758070cd16cbe9660c7bf117f1 / f52fbf4f3ed02a7d872d8a102006f29b4421f360
+CVE-2017-9994, ee12581551293fbd71fd37f013bf80fce754750d / 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
+CVE-2017-9996, 05b8e57abaf7144072a1db786b2fd1ef78885d74 / e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
+CVE-2017-9996, f903400a0bb54a55c07016fba060291d9d579618 / 1e42736b95065c69a7481d0cf55247024f54b660
+</pre>
+
+<h3>3.0.7</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-5024, dc1e099bf281e69d162bde02bd87112bbcb1ab5c / 2d453188c2303da641dafb048dc1806790526dfd
+CVE-2017-5025, 4f7064c9da35cd8156f6aee4a25e9b4e7f4ae607 / fd30e4d57fe5841385f845440688505b88c0f4a9
+</pre>
+
+<h3>3.0.5</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-10190, 2e3f0a1c6f39cf2a35bdda85e43970ffc6db797b / 2a05c8f813de6f2278827734bf8102291e7484aa
+CVE-2016-10191, a5513ae7bc7cb131e7b7edba57e4cf93121d6c8e / 7d57ca4d9a75562fa32e40766211de150f8b3ee7
+CVE-2016-10192, 1768e02a046ac05cb212991ae23021ad412cd15a / a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
+</pre>
+
+<h3>3.0.4</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-5199, 9259b7f38e008720096532cd4e666a9889f3c578 / 347cb14b7cba7560e53f4434b419b9d8800253e7
+CVE-2016-7450, 9357aa67572ce630267144ecd923c643a0982617 / a5af1240fce845f645440364c1335e0f8e44ee6c
+CVE-2016-7502, 63f951601e75051085b85e8034989ee8a7dcff1d / 0e318f110bcd6bb8e7de9127f2747272e60f48d7
+CVE-2016-7555, fb7617df4eb13659fa20cb535888c10eac0fdb77 / b98dafe04564d5fe3e5bf5073d871dd93a4a62de
+CVE-2016-7562, e5bf7ab3e7c6432da47958105ac59ee2681d3198 / 69449da436169e7facaa6d1f3bcbc41cf6ce2754
+CVE-2016-7785, 77d5a237ef6803e3b5a138fdee10bf1f62e4a7d7 / 14bac7e00d72eac687612d9b125e585011a56d4f
+CVE-2016-7905, 8c43f320574d201fe1b696b133c08368f5f18508 / 2679ad4773aa356e7c3da5c68bc81f02a194617f
+</pre>
+
+<h3>3.0.3</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-6164, a5680d83af26d4e6cfb9fe2eb8f51247bf36a41f / 8a3221cc67a516dfc1700bdae3566ec52c7ee823
+CVE-2016-6881, ca92adafb0effac6c51a12f90a593ba7e8b3ee90 / a453bbb68f3eec202673728988bba3bc76071761
+CVE-2016-7122, 1d90326f95a791db515f69a01a5f6ef867896d15 / e4e4a9cad7f21593d4bcb1f2404ea0d373c36c43
+</pre>
+
+
 <h2>FFmpeg 2.8</h2>
 
+<h3>2.8.12</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-9991, 39108a4724b091d27fe08f3ed4a75681094223ee / 441026fcb13ac23aa10edc312bdacb6445a0ad06
+CVE-2017-9992, 1e9fa7c69fdc1a2cf2a716b818e5cdad28333f6c / f52fbf4f3ed02a7d872d8a102006f29b4421f360
+CVE-2017-9993, bb7df22328731af64129469e6bcfa1fe6241c6ad / a5d849b149ca67ced2d271dc84db0bc95a548abb
+CVE-2017-9993, e447d3143faab23da9cbe3a7dbf4adec100f938a / 189ff4219644532bdfa7bab28dfedaee4d6d4021
+CVE-2017-9994, e7568a43527025f635c818119670aed12ccd67cb / 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
+CVE-2017-9996, 191e0f7e2b882eb20d696501603285c7192312f6 / e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
+CVE-2017-9996, ff342d0587d6c821745d87bf662b53e90768ca21 / 1e42736b95065c69a7481d0cf55247024f54b660
+</pre>
+
+<h3>2.8.11</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2017-5024, 4adc99ecb6e9aec301fdd79ec097d433346045b6 / 2d453188c2303da641dafb048dc1806790526dfd
+CVE-2017-5025, 8be3724e55b2c55337c14c9cb7a69c5a85d42a65 / fd30e4d57fe5841385f845440688505b88c0f4a9
+</pre>
+
+<h3>2.8.10</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-10190, 606b21353df7d08ea203193f3026281737c696a2 / 2a05c8f813de6f2278827734bf8102291e7484aa
+CVE-2016-10191, 5bfb0b02b6fbb38c058659dc09c01602d0d1f523 / 7d57ca4d9a75562fa32e40766211de150f8b3ee7
+CVE-2016-10192, e0cb113f9b4b7a26ac0053a483f92c26a4a90f0e / a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
+</pre>
+
+<h3>2.8.9</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-7502, 69b00a7fb6faa1b19b5687a5762ff4f94d5ff9aa / 0e318f110bcd6bb8e7de9127f2747272e60f48d7
+CVE-2016-7785, a772613100514842008271c8d0e5d63a6979f9bf / 14bac7e00d72eac687612d9b125e585011a56d4f
+CVE-2016-7905, 239f75d6c3dfbe4def80a12913d5737dd5a5bbcc / 2679ad4773aa356e7c3da5c68bc81f02a194617f
+CVE-2016-7562, ab737ab31d4f126ed5a13a6a0498824141925108 / 69449da436169e7facaa6d1f3bcbc41cf6ce275
+</pre>
+
+<h3>2.8.8</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2016-6164, 054db631200c9940bc72e4dec2cb3c75e613abaf / 8a3221cc67a516dfc1700bdae3566ec52c7ee823
+CVE-2016-6881, e965fedf7e94b7e50cd11be00fa729ee8faeb21b / a453bbb68f3eec202673728988bba3bc76071761
+CVE-2016-7122, 8ddeae57ae727966ac7588cf34ff56558fe3ffd1 / e4e4a9cad7f21593d4bcb1f2404ea0d373c36c43
+CVE-2016-7450, f8dcc9e7189709c68829b0fa7a98941fdf916d68 / a5af1240fce845f645440364c1335e0f8e44ee6c
+</pre>
+
 <h3>2.8.6</h3>
 <p>
 Fixes following vulnerabilities:
@@ -1253,6 +1599,7 @@ CVE-2012-2804, 4a80ebe491609e04110a1dd540a0ca79d3be3d04
 CVE-2012-5359, msvr12-017
 CVE-2012-5360, msvr12-017
 CVE-2012-5361, msvr12-017
+CVE-2016-3062, 689e59b7ffed34eba6159dcc78e87133862e3746
 </pre>
 
 <h2>FFmpeg 0.10</h2>