Date: Mon, 21 Sep 2020 10:26:11 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 249484] multimedia/mythtv: Update to 31.0 Message-ID: <bug-249484-7788-xqk1Bb4ZzI@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-249484-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-249484-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D249484 --- Comment #3 from Alan Hicks <ahicks@p-o.co.uk> --- CVE-2016-10191 only lists before 3.2.2 as vulnerable, the version of ffmpeg included in 31.0 is 4.2.1, there isn't an option to use ffmpeg from ports. I've checked the source file work/mythtv-31.0/mythtv/external/FFmpeg/libavformat/rtmppkt.c and it contains the check for "RTMP packet size mismatch" from patch-CVE-2016-10191. head -n 4 work/mythtv-31.0/mythtv/external/FFmpeg/Changelog Entries are sorted chronologically from oldest to youngest within each rele= ase, releases are sorted from youngest to oldest. version 4.2.1: https://nvd.nist.gov/vuln/detail/CVE-2016-10191 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-249484-7788-xqk1Bb4ZzI>