[FFmpeg-devel] CVE #s security fixes and backports
Michael Niedermayer
michael at niedermayer.cc
Sun Feb 23 10:56:35 EET 2025
Hi all
Today ffmpeg-security was asked why 5 security fixes are missing in 6.1
and from our security page.
These issues where posted publically on trac, and fixed by FFmpeg developers.
Then someone seems to have registered CVE #s but not mailed ffmpeg-security
I suggest
1. if you fix a security issue or apply a security fix, make sure it is
backported to all supported releases
2. if you see a CVE # thats not on the security page, mail ffmpeg-security
3. If you see issues on trac that seem important, please make sure they
are fixed and backported, having someone like carl who knew and maintained
all issues would be quite usefull
thx
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I have never wished to cater to the crowd; for what I know they do not
approve, and what they approve I do not know. -- Epicurus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250223/3a19ea8b/attachment.sig>
More information about the ffmpeg-devel
mailing list