[FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721
Dominik 'Rathann' Mierzejewski
dominik at greysector.net
Wed Mar 20 13:08:52 EET 2019
On Wednesday, 20 March 2019 at 00:48, Carl Eugen Hoyos wrote:
> 2019-03-19 23:28 GMT+01:00, Dominik 'Rathann' Mierzejewski
> <dominik at greysector.net>:
>
> > Were the CVE IDs not known at the time these were pushed to master?
>
> No, how would this be possible?

Easy: you can request the ID at https://cveform.mitre.org/ before
pushing the commits.

> > Not having them in the commit log made it more difficult to find them.
>
> I thought the CVEs themselves contain the commits, no?

They do, but looking at the commits only I wouldn't know there were CVE
IDs associated with them, so the relation is one-way only. I would feel
better if the commit log said a CVE ID was being fixed.

Regards,
Dominik
--
Fedora https://getfedora.org | RPM Fusion http://rpmfusion.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
-- from "Collected Sayings of Muad'Dib" by the Princess Irulan