Date: Wed, 23 Dec 2015 09:06:48 -0500 From: Michael Jung <mikej@mikej.com> To: freebsd-ports@freebsd.org Subject: Reporting fixes so that vuxml can be updated Message-ID: <f24ccbebdbd250ca0d5436d8605929ff@192.168.6.63>
next in thread | raw e-mail | index | archive | help
Hi, "pkg audit" on my system returns the following CVE's for ffmpeg. I have noted in the list below that http://www.ffmpeg.org/security.html claims these CVE's were fixed in the ffmpeg version noted. Is this the correct place/list to report updates to that vuxml can be updated? I know there was a discussion about ports and security reporting and updating but I don't remember an outcome. Happy holidays, --mikej handbrake-0.10.2_2 is vulnerable: ffmpeg -- multiple vulnerabilities CVE: CVE-2015-6826 < Fixed in 2.7.2 CVE: CVE-2015-6825 < Fixed in 2.7.2 CVE: CVE-2015-6824 < Fixed in 2.7.2 CVE: CVE-2015-6823 < Fixed in 2.7.2 CVE: CVE-2015-6822 < Fixed in 2.7.2 CVE: CVE-2015-6821 < Fixed in 2.7.2 CVE: CVE-2015-6820 < Fixed in 2.7.2 CVE: CVE-2015-6819 < Fixed in 2.7.2 CVE: CVE-2015-6818 < Fixed in 2.7.2 WWW: https://vuxml.FreeBSD.org/freebsd/3d950687-b4c9-4a86-8478-c56743547af8.html handbrake-0.10.2_2 is vulnerable: ffmpeg -- use-after-free CVE: CVE-2015-3417 < Fixed in 2.5.2 WWW: https://vuxml.FreeBSD.org/freebsd/da434a78-e342-4d9a-87e2-7497e5f117ba.html handbrake-0.10.2_2 is vulnerable: ffmpeg -- multiple vulnerabilities CVE: CVE-2015-8365 < Fixed in 2.4.12 CVE: CVE-2015-8364 < Fixed in 2.4.12 CVE: CVE-2015-8363 < Fixed in 2.4.12 CVE: CVE-2015-8219 < Fixed in 2.4.12 CVE: CVE-2015-8218 < Fixed in 2.8.2 CVE: CVE-2015-8217 < Fixed in 2.8.2 CVE: CVE-2015-8216 < Fixed in 2.8.2 CVE: CVE-2015-6761 < Fixed in 2.8.2 WWW: https://vuxml.FreeBSD.org/freebsd/b0da85af-21a3-4c15-a137-fe9e4bc86002.html handbrake-0.10.2_2 is vulnerable: ffmpeg -- out-of-bounds array access CVE: CVE-2015-3395 < Fixed in 2.7 WWW: https://vuxml.FreeBSD.org/freebsd/80c66af0-d1c5-449e-bd31-63b12525ff88.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f24ccbebdbd250ca0d5436d8605929ff>