[FFmpeg-devel] CVE #s security fixes and backports
James Almer
jamrial at gmail.com
Sun Feb 23 17:41:23 EET 2025
On 2/23/2025 6:12 AM, Michael Niedermayer wrote:
> Hi
>
> On Sun, Feb 23, 2025 at 09:56:35AM +0100, Michael Niedermayer wrote:
>> Hi all
>>
>> Today ffmpeg-security was asked why 5 security fixes are missing in 6.1
>> and from our security page.
>>
>> These issues were posted publicly on trac, and fixed by FFmpeg developers.
>> Then someone seems to have registered CVE #s but not mailed ffmpeg-security
>>
>> I suggest
>> 1. if you fix a security issue or apply a security fix, make sure it is
>> backported to all supported releases
>> 2. if you see a CVE # that's not on the security page, mail ffmpeg-security
>> 3. If you see issues on trac that seem important, please make sure they
>> are fixed and backported, having someone like carl who knew and maintained
>> all issues would be quite useful
>
> 4. Someone should cross check
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ffmpeg and our security page
> and backported fixes and backport missing fixes and fix unfixed issues.

Why are there memory leaks with a CVE?
Also, CVE-2025-1373 is wrong, it doesn't apply to any release, only git
master.

>
> thx
>
> [...]