[FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

Dominik 'Rathann' Mierzejewski dominik at greysector.net
Wed Mar 20 23:29:50 EET 2019


On Wednesday, 20 March 2019 at 18:42, Michael Niedermayer wrote:
> On Tue, Mar 19, 2019 at 11:28:01PM +0100, Dominik 'Rathann' Mierzejewski wrote:
> > Hello,
> > please backport fixes for CVE-2019-9718 and CVE-2019-9721 to 3.4
> > and 4.0 branches. The relevant commits seem to be:
> > 1f00c97bc3475c477f3c468cf2d924d5761d0982
> > 894995c41e0795c7a44f81adc4838dedc3932e65
> > 
> > Thanks in advance.
> 
> these will be backported with the next point releases from these branches
> 
> Ill try to do these releases rather sooner than later

Thank you. We've backported them downstream (in RPM Fusion), so there's no
rush from our point of view. We'll drop the downstream patches when
rebasing to the next release.

> > Were the CVE IDs not known at the time these were pushed to master?
> 
> I am pretty sure they where not known because if they where they would
> have been included.

That's what I thought. Thanks.

Regards,
Dominik
-- 
Fedora   https://getfedora.org  |  RPM Fusion  http://rpmfusion.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
        -- from "Collected Sayings of Muad'Dib" by the Princess Irulan


More information about the ffmpeg-devel mailing list