Date: Fri, 02 Oct 2015 18:20:33 +0000 From: bugzilla-noreply@freebsd.org To: multimedia@FreeBSD.org Subject: [Bug 203502] multimedia/ffmpeg -- multiple vulnerabilities Message-ID: <bug-203502-12827-q9SmvnbuEF@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-203502-12827@https.bugs.freebsd.org/bugzilla/> References: <bug-203502-12827@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203502 Jan Beich <jbeich@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jbeich@FreeBSD.org Status|New |Closed Resolution|--- |Works As Intended --- Comment #1 from Jan Beich <jbeich@FreeBSD.org> --- gstreamer1-libav was fixed by ports r397984 before 2015Q4 branched. 2015Q3 isn't supported since 2015-10-01. So, why are your gstreamr1* packages still at 1.4.5? A few ports maintained by multimedia@ are still affected: multimedia/avidemux and multimedia/gstreamer-ffmpeg. avidemux is waiting for the next upstream release. gstreamer-ffmpeg is not maintained upstream (entire 0.x series) and needs either to be removed or having fixes backported. Depending on ffmpeg0 wouldn't help as that isn't maintained upstream as well. Other ports in those VuXML entries mainly illustrate liability from not respecting system libs[1]. Upstream of multimedia/libav probably has different priorities unless all those vulnerabilites don't apply to their diverged code. If you want a specific port fixed then it should be noted in Summary. Each port requires different amount of work and has different maintainer. VuXML itself is advisory in nature and can be ignored in certain cases (by default for PACKAGE_BUILDING) or fixed if inaccurate. [1] https://www.freebsd.org/doc/en/books/porters-handbook/bundled-libs.html -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-203502-12827-q9SmvnbuEF>