[FFmpeg-user] 2.8.14 security updates

Paul B Mahol onemda at gmail.com
Tue May 15 23:31:14 EEST 2018


On 5/15/18, Bryan Duff <duff0097 at gmail.com> wrote:
> Is 2.8.14 up-to-date as far as known security issues (e.g CVE's) are
> concerned?
>
> Looking at CVE's for ffmpeg, some will say "3.x.y and before" - does that
> mean that they only affect 3.x?  If not and they affect 2.8.14, then there
> are a decent number that affect 2.8.14 (15 of them?)
>
> For example, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9608
> has commits in the 3.2, 3.3, and master branches, so I'm guessing 2.8 is
> not affected.  Just trying to make sure.
>

2.8.14 is not affected by this CVE simply because new features never get into
obsolete releases.


More information about the ffmpeg-user mailing list