[FFmpeg-devel] CVE #s security fixes and backports
Michael Niedermayer
michael at niedermayer.cc
Sun Feb 23 11:12:36 EET 2025
Hi
On Sun, Feb 23, 2025 at 09:56:35AM +0100, Michael Niedermayer wrote:
> Hi all
>
> Today ffmpeg-security was asked why 5 security fixes are missing in 6.1
> and from our security page.
>
> These issues where posted publically on trac, and fixed by FFmpeg developers.
> Then someone seems to have registered CVE #s but not mailed ffmpeg-security
>
> I suggest
> 1. if you fix a security issue or apply a security fix, make sure it is
> backported to all supported releases
> 2. if you see a CVE # thats not on the security page, mail ffmpeg-security
> 3. If you see issues on trac that seem important, please make sure they
> are fixed and backported, having someone like carl who knew and maintained
> all issues would be quite usefull
4. Someone should cross check
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ffmpeg and our security page
and backported fixes and backport missing fixes and fix unfixed issues.
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The smallest minority on earth is the individual. Those who deny
individual rights cannot claim to be defenders of minorities. - Ayn Rand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250223/f22536d1/attachment.sig>
More information about the ffmpeg-devel
mailing list