[FFmpeg-devel] CVE-2023-6602 fixes backporting
Michael Niedermayer
michael at niedermayer.cc
Thu Feb 27 03:36:48 EET 2025
On Wed, Feb 26, 2025 at 12:03:12AM -0300, James Almer wrote:
> On 2/25/2025 11:28 PM, Michael Niedermayer wrote:
> > Hi all
> >
> > As i backported the fixes for $subj, i noticed they depend on
> > ff_match_url_ext()
> > which is not avaiable before 6.1
> >
> > I will thus backport this too unless there are objections
>
> It's not public API, so it should be fine.
Ok, ill see if that works out
for the record backport of this will be limited to 4.3 because:
av_match_name 2.4+
ff_url_decompose 4.3+
URL_COMPONENT_HAVE 4.3+
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Modern terrorism, a quick summary: Need oil, start war with country that
has oil, kill hundread thousand in war. Let country fall into chaos,
be surprised about raise of fundamantalists. Drop more bombs, kill more
people, be surprised about them taking revenge and drop even more bombs
and strip your own citizens of their rights and freedoms. to be continued
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250227/69824221/attachment.sig>
More information about the ffmpeg-devel
mailing list