[FFmpeg-devel] CVE #s security fixes and backports

Michael Niedermayer michael at niedermayer.cc
Sun Feb 23 23:37:39 EET 2025


Hi

On Sun, Feb 23, 2025 at 06:49:23PM +0200, Rémi Denis-Courmont wrote:
> On Sunday, 23 February 2025, 11.12.36 UTC+2, Michael Niedermayer wrote:
> > On Sun, Feb 23, 2025 at 09:56:35AM +0100, Michael Niedermayer wrote:
> > > I suggest
> > > 1. if you fix a security issue or apply a security fix, make sure it is
> > > backported to all supported releases
> > > 2. if you see a CVE # that's not on the security page, mail ffmpeg-security
> > > 3. If you see issues on trac that seem important, please make sure they
> > > are fixed and backported, having someone like Carl who knew and maintained
> > > all issues would be quite useful
> > 
> > 4. Someone should cross check
> > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ffmpeg and our security
> > page and backported fixes and backport missing fixes and fix unfixed
> > issues.
> 
> I find these suggestions very agreeable... as long as someone else is 
> responsible. Luckily, I am not on ffmpeg-security, so I have a rock-solid 
> excuse.

ffmpeg-security is a mail alias.
Security reports are sent there and forwarded/delegated to the right expert
in the team (unless they can be fixed on the spot).

Security is the responsibility of the whole Team

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No snowflake in an avalanche ever feels responsible. -- Voltaire