From unknown Thu Aug 14 21:54:38 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#72799 <72799@debbugs.gnu.org> To: bug#72799 <72799@debbugs.gnu.org> Subject: Status: [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272] Reply-To: bug#72799 <72799@debbugs.gnu.org> Date: Fri, 15 Aug 2025 04:54:38 +0000 retitle 72799 [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-727= 2] reassign 72799 guix-patches submitter 72799 ashish.is@lostca.se severity 72799 important tag 72799 security patch thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 24 20:38:17 2024 Received: (at submit) by debbugs.gnu.org; 25 Aug 2024 00:38:17 +0000 Received: from localhost ([127.0.0.1]:42004 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1Gq-0000fH-Rk for submit@debbugs.gnu.org; Sat, 24 Aug 2024 20:38:17 -0400 Received: from lists.gnu.org ([209.51.188.17]:47928) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1Gp-0000f9-62 for submit@debbugs.gnu.org; Sat, 24 Aug 2024 20:38:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1si1G1-0004Nl-Gs for guix-patches@gnu.org; Sat, 24 Aug 2024 20:37:25 -0400 Received: from anamika.lostca.se ([65.21.75.227]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1si1Fz-00029g-QA for guix-patches@gnu.org; Sat, 24 Aug 2024 20:37:25 -0400 Received: from localhost.localdomain (poincare.inet6.in [IPv6:2a0a:4cc0:1:12d4::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: abbe) by anamika.lostca.se (Postfix) with ESMTPSA id 6300D24AF2; Sun, 25 Aug 2024 00:37:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; t=1724546229; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=d6y78MtttsNYlttEf37hder9lGwsgXD4SwK0Et575mA=; b=s5xNWabowBCc3tCPy+gXzXRFT4ct2l4BjLFxSlW1EmhPZMjdVmme2GKWVT3ihJ8WkJO7wt t5FYvFnKwZV+kbeK6djSgO0cD7cS8Z22uqb9+OfBcCY118HT4x6dzNETM9W7KmJmYlFB1q acWMJuxK4RPJMiYbQWKPISbM57VK9R8= From: ashish.is@lostca.se To: guix-patches@gnu.org Subject: [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272] Date: Sun, 25 Aug 2024 00:34:50 +0000 Message-ID: X-Mailer: git-send-email 2.46.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=65.21.75.227; envelope-from=ashish.is@lostca.se; helo=anamika.lostca.se X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit Cc: Ashish SHUKLA X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) From: Ashish SHUKLA Hi, Attached series of patches updates ffmpeg to latest versions which fixes following vulnerabilities: CVE-2024-7055 CVE-2024-7272 Thanks! Ashish SHUKLA (3): gnu: ffmpeg: Update to 6.1.2 [fixes CVE-2024-7055]. gnu: ffmpeg-5: Update to 5.1.6 [fixes CVE-2024-7055, CVE-2024-7272]. gnu: ffmpeg-4: Update to 4.4.5 [fixes CVE-2024-7055]. gnu/packages/video.scm | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) base-commit: f25ea6847fa4eb1bc0a6bfb965e145b94f20a6f8 -- 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 24 20:41:09 2024 Received: (at 72799) by debbugs.gnu.org; 25 Aug 2024 00:41:09 +0000 Received: from localhost ([127.0.0.1]:42010 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1Jd-0000kT-E4 for submit@debbugs.gnu.org; Sat, 24 Aug 2024 20:41:09 -0400 Received: from anamika.lostca.se ([65.21.75.227]:60972) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1Jb-0000k8-Cz for 72799@debbugs.gnu.org; Sat, 24 Aug 2024 20:41:07 -0400 Received: from localhost.localdomain (poincare.inet6.in [IPv6:2a0a:4cc0:1:12d4::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: abbe) by anamika.lostca.se (Postfix) with ESMTPSA id 9362324DAE; Sun, 25 Aug 2024 00:40:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; t=1724546412; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BfkaA0y2+DaVw405md/5L53zLUN+FA5qWXp8kX3CP78=; b=Atffx7hrC8Myl3DnIRdkd+hBZ0ZyW5zQj7ArreA/VatNKTgRd3AMzDxg7K2nbvvSVKy1k0 dWdKiZ88zOtBx0IaGz6ID+fvS0Tp9qzPHy2d/S7nm6nzFYoQ5M6GUSdXo0OsSAF+L+pfd4 DvHCMbR8Q501B+3CyOLeM5n4mIwmS3U= From: ashish.is@lostca.se To: 72799@debbugs.gnu.org Subject: [PATCH 3/3] gnu: ffmpeg-4: Update to 4.4.5 [fixes CVE-2024-7055]. Date: Sun, 25 Aug 2024 00:39:49 +0000 Message-ID: <24c7b9dde2e4d1479e58c80697d9ce4a3ca97288.1724546078.git.ashish.is@lostca.se> X-Mailer: git-send-email 2.46.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72799 Cc: Ashish SHUKLA X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) From: Ashish SHUKLA * gnu/packages/video.scm (ffmpeg-4): Update to 4.4.5. Change-Id: Ie35066988c26af338120b2ce002c767ff4c7aaec --- gnu/packages/video.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 1089e0b6ba..0c56a43ecb 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -1885,14 +1885,14 @@ (define-public ffmpeg-5 (define-public ffmpeg-4 (package (inherit ffmpeg-5) - (version "4.4.2") + (version "4.4.5") (source (origin (method url-fetch) (uri (string-append "https://ffmpeg.org/releases/ffmpeg-" version ".tar.xz")) (sha256 (base32 - "14xadxm1yaamp216nq09xwasxg5g133v86dbb33mdg5di1zrlhdg")))) + "01xb2vj4n52fv2y56n5ifirgzlg16qbgfg98f6ifbbhm6l6lwlgr")))) (inputs (modify-inputs (package-inputs ffmpeg) (replace "sdl2" sdl2-2.0))) (arguments -- 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 24 20:41:10 2024 Received: (at 72799) by debbugs.gnu.org; 25 Aug 2024 00:41:10 +0000 Received: from localhost ([127.0.0.1]:42012 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1Jd-0000kV-NT for submit@debbugs.gnu.org; Sat, 24 Aug 2024 20:41:10 -0400 Received: from anamika.lostca.se ([65.21.75.227]:60960) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1Ja-0000jt-Sq for 72799@debbugs.gnu.org; Sat, 24 Aug 2024 20:41:07 -0400 Received: from localhost.localdomain (poincare.inet6.in [IPv6:2a0a:4cc0:1:12d4::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: abbe) by anamika.lostca.se (Postfix) with ESMTPSA id F0F2F24DAC; Sun, 25 Aug 2024 00:40:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; t=1724546412; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Lfm+wM3T0pxvhV4JrQmzVvbEMNUM8MWOt86uYDmW7o4=; b=Rvc6xkXZU7z1UB4DeNCaaQoph4DDqBStHtIZoVM2R0o9Hx6nhQEVERzF1x9skQszwBY+/j bnHSBE/MLKutUTpixqppsES7xBVEKA3wZ2skJtQtwHtF7+dgI0LsAuMQVHW4jkdKyXbWSx 67mi3pUjwcPgYokQxczceQMySV2hQGk= From: ashish.is@lostca.se To: 72799@debbugs.gnu.org Subject: [PATCH 2/3] gnu: ffmpeg-5: Update to 5.1.6 [fixes CVE-2024-7055, CVE-2024-7272]. Date: Sun, 25 Aug 2024 00:39:48 +0000 Message-ID: <274eeb8f1c025e31191b28e5b977eb16e6d7b7e0.1724546078.git.ashish.is@lostca.se> X-Mailer: git-send-email 2.46.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72799 Cc: Ashish SHUKLA X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) From: Ashish SHUKLA * gnu/packages/video.scm (ffmpeg-5): Update to 5.1.6. Change-Id: If86cbff17d63528b42a9c5ce2c062014251b8fcb --- gnu/packages/video.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index d8276b331e..1089e0b6ba 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -1873,14 +1873,14 @@ (define-public ffmpeg (define-public ffmpeg-5 (package (inherit ffmpeg) - (version "5.1.4") + (version "5.1.6") (source (origin (method url-fetch) (uri (string-append "https://ffmpeg.org/releases/ffmpeg-" version ".tar.xz")) (sha256 (base32 - "0qwhyhil805hns7yksdxagnrcc90h60al7lz1rc65kd1j2w3nf2l")))))) + "1g8116rp4fgq82br8lclb2dmw3fvyh2zkzhnngm7z97pg1i0dypl")))))) (define-public ffmpeg-4 (package -- 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 24 20:41:39 2024 Received: (at 72799) by debbugs.gnu.org; 25 Aug 2024 00:41:39 +0000 Received: from localhost ([127.0.0.1]:42015 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1K7-0000lN-4D for submit@debbugs.gnu.org; Sat, 24 Aug 2024 20:41:39 -0400 Received: from anamika.lostca.se ([65.21.75.227]:48602) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1K4-0000l5-6f for 72799@debbugs.gnu.org; Sat, 24 Aug 2024 20:41:37 -0400 Received: from localhost.localdomain (poincare.inet6.in [IPv6:2a0a:4cc0:1:12d4::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: abbe) by anamika.lostca.se (Postfix) with ESMTPSA id 9C8B724B6C; Sun, 25 Aug 2024 00:40:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; t=1724546410; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cwdw7CL5mqSFD9SUeKLH/hkJPB7+lsT6RXdJm5N/kac=; b=ehDZjTLBp0qzg0/KeNzaPYNy4u1UduEnegZZ2xjUunqgF9D1jU1v9kSJNEKTWA0QitWWCs ySKqFASXm8qGtVz4g5trszza07CVwm1CLOPx63RomE9AAzPKS9b0LnSJOvVRjqI1MTadD5 NzSLyYfsI59ernWNmE1S5zo6kEmwaTo= From: ashish.is@lostca.se To: 72799@debbugs.gnu.org Subject: [PATCH 1/3] gnu: ffmpeg: Update to 6.1.2 [fixes CVE-2024-7055]. Date: Sun, 25 Aug 2024 00:39:47 +0000 Message-ID: <3608fedabb4c19adc34ebfec4d77f4f577b60328.1724546078.git.ashish.is@lostca.se> X-Mailer: git-send-email 2.46.0 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72799 Cc: Ashish SHUKLA X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) From: Ashish SHUKLA * gnu/packages/video.scm (ffmpeg): Update to 6.1.2. Change-Id: I4f15c4619da8b1dba474237cd839e2c79f651346 --- gnu/packages/video.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 7d22d2f8f7..d8276b331e 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -69,6 +69,7 @@ ;;; Copyright © 2023 Jaeme Sifat ;;; Copyright © 2023 Zheng Junjie <873216071@qq.com> ;;; Copyright © 2024 Artyom V. Poptsov +;;; Copyright © 2024 Ashish SHUKLA ;;; ;;; This file is part of GNU Guix. ;;; @@ -1670,14 +1671,14 @@ (define-public libva-utils (define-public ffmpeg (package (name "ffmpeg") - (version "6.1.1") + (version "6.1.2") (source (origin (method url-fetch) (uri (string-append "https://ffmpeg.org/releases/ffmpeg-" version ".tar.xz")) (sha256 (base32 - "0s7r2qv8gh2a3w568n9xxgcz0q8j5ww1jdsci1hm9f4l1yqg9146")))) + "0f2fr8ywchhlkdff88lr4d4vscqzsi1ndjh3r5jwbkayf94lcqiv")))) (outputs '("out" "debug")) (build-system gnu-build-system) (inputs -- 2.46.0 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 24 20:44:01 2024 Received: (at control) by debbugs.gnu.org; 25 Aug 2024 00:44:01 +0000 Received: from localhost ([127.0.0.1]:42021 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1MO-0000pU-Pd for submit@debbugs.gnu.org; Sat, 24 Aug 2024 20:44:00 -0400 Received: from anamika.lostca.se ([65.21.75.227]:39602) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1si1MN-0000pD-0R for control@debbugs.gnu.org; Sat, 24 Aug 2024 20:43:59 -0400 Received: from localhost (unknown [IPv6:2401:4900:1c49:26b5:e751:8c5c:1ef6:ef2f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: abbe) by anamika.lostca.se (Postfix) with ESMTPSA id B517124CD4; Sun, 25 Aug 2024 00:43:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; t=1724546584; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9vH5DTXcJij84X+TuSe9VPwMegCJ5IhMXnOZQvMen/w=; b=TME4kfUwlp8zL7KLs5AJFpg9pVno5z/GdxTRUYp7T9hCGzQpM8a94o9/JLll/tUknHfLld p485STyxNPx2ROIVdv2RImP72HcEwdBuLLDePASVhb4WrdQyhlc9xCBUScrJefKSIGy4X8 1Y5gVMqocNd3ugmnm2QsxafIuZ+UEs8= Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8; format=Flowed Date: Sun, 25 Aug 2024 06:12:57 +0530 Message-Id: Subject: update bug state From: "Ashish SHUKLA" To: X-Mailer: aerc 0.18.2 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) tag 72799 security severity 72799 important quit From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 30 17:32:14 2024 Received: (at 72799) by debbugs.gnu.org; 30 Aug 2024 21:32:15 +0000 Received: from localhost ([127.0.0.1]:53530 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sk9E6-0004aE-OD for submit@debbugs.gnu.org; Fri, 30 Aug 2024 17:32:14 -0400 Received: from mail-lj1-f174.google.com ([209.85.208.174]:53305) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sk9E5-0004Zz-6i for 72799@debbugs.gnu.org; Fri, 30 Aug 2024 17:32:13 -0400 Received: by mail-lj1-f174.google.com with SMTP id 38308e7fff4ca-2f029e9c9cfso27147121fa.2 for <72799@debbugs.gnu.org>; Fri, 30 Aug 2024 14:31:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1725053409; x=1725658209; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:to:from:from:to:cc:subject:date:message-id:reply-to; bh=fXOAsJUCuMCOsOP3rLRcEB/wQS2ElapL4FcC/3y0pWQ=; b=f62ABd3Y3zq/9iR/4IfbmqbtsDwBb2PtdXwEnMZE2ckZqAwQh1zhU5pUIIGCz7CXfv CWZUB6D2kHqdNP5QqiqMNdThV9EJwfU1pW9p6ss6Yt8hXU4vyfw3AvCsdB2OStUuHivp ZqafRu0PY9sjfTz30zB7qjqG0yajsF+pc7sye2JB11G05VGeiNL7yCrPbUJgHC5p/Zfm R1k96j4wOJpBSTz9wzpFV9hc9eXxEa1fc45xLNxsjOXVWXPImC3fPvUGblwFUa9CtP2I 4HGzBSQFpnGid0eSkETMXrGM9sbOnReoQ9uA3Ax+crm1Md2Q59CRbV7dh8VokZ7YGZZo NK9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725053409; x=1725658209; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=fXOAsJUCuMCOsOP3rLRcEB/wQS2ElapL4FcC/3y0pWQ=; b=rQpAhEGW1njDn22XeBMONA+X8sxt6wHWGDXRd8zgvz4ijWQe0xOg6/4wrFTXaHgYZ4 VLx44JBe1Zp1T47D5HekrW4dYkE+Ikrem026Q7QkxjP6J8i66XagVxkIK4H5eWwQEsBK aiY2DFkSLgLQ4PPOIWFxd/4yl+cKKuhqdASkYQsE7zRVYmHosfMv1fKVxSGuHDcn/0ze SoAP3IXcCYfTf0/v8o7ffP0aPVlvzKuTg4YpJJSrC1X+RKS0Ndn7TDam9iwlgokovf3n K5hmgoDfalhurkF83vTf22pa2MyWSnrPfHb5Or6y4BjOHKCYrxmgiiVBuzR5IN0VThkr J3KQ== X-Gm-Message-State: AOJu0YyVMaswrd0E0wDGZQrmatt1WA7kbD9iDzc8m4qRpFMi5BJhOvlb sRBUwE6GCu/QZO3prUft3H3Qf+f20XThqDM7Zb3J4H9CJZrE1R/wRFSeC2tVpqs= X-Google-Smtp-Source: AGHT+IHTqWJMnUfMPoSvJVtN4XqL+4AvGIRiViJVixe4auOSS+ihzOHNHqdcoKnCDydnMmd/yVOPPg== X-Received: by 2002:a2e:b8d6:0:b0:2f1:750d:53a7 with SMTP id 38308e7fff4ca-2f6105c4993mr70667541fa.8.1725053408470; Fri, 30 Aug 2024 14:30:08 -0700 (PDT) Received: from bumblebee-mighty ([92.51.75.166]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-2f614f007aasm8413871fa.38.2024.08.30.14.30.07 for <72799@debbugs.gnu.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Aug 2024 14:30:08 -0700 (PDT) From: Rodion Goritskov To: 72799@debbugs.gnu.org Subject: Re: [bug#72799] [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272] In-Reply-To: (ashish is's message of "Sun, 25 Aug 2024 00:34:50 +0000") References: Date: Sat, 31 Aug 2024 01:30:05 +0400 Message-ID: <87r0a5aeci.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72799 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi! Patches apply and build fine. However, it looks like ffmpeg-4 and ffmpeg-6 triggers lots (~1000 for ffmpeg-4 and ~700 for ffmpeg-6) package rebuilds. ffmpeg-5 is fine, only 12 packages to be rebuild. Maybe ffmpeg-4 and ffmpeg-6 should be grafted (these CVEs looks scary) and patches for them send in the separate branch? Need some experienced maintainers to understand how it should be resolved. From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 12 07:10:49 2024 Received: (at 72799-done) by debbugs.gnu.org; 12 Nov 2024 12:10:49 +0000 Received: from localhost ([127.0.0.1]:60970 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tApjN-0003zH-D6 for submit@debbugs.gnu.org; Tue, 12 Nov 2024 07:10:49 -0500 Received: from mail-pg1-f177.google.com ([209.85.215.177]:54635) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tApjL-0003z1-EU for 72799-done@debbugs.gnu.org; Tue, 12 Nov 2024 07:10:47 -0500 Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-7ee11ff7210so4160906a12.1 for <72799-done@debbugs.gnu.org>; Tue, 12 Nov 2024 04:10:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731413382; x=1732018182; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=C5yoiCIbnfYVqtuOhaA52xkhwb/jYzZ8B6R0nk+AxS8=; b=KPmvKb4BKEpTqMvGEBSuN8QdreclfltLMGpV0PlUAErXU6b4VT0YwnoH0cIwTx1qTq XQgpJbAf9sq7dArcna28Ns7PNHA77QYmlwe3lOlslKZHLrZpXPOoV9sPAAGNoI8TLgOk nD21Mi8R+PrjnyUtXkv/eKqiZO8lQGi/B6m4Uwmq3XAmhUoXcP3pxLuLmZEE+FksHf48 vn+8O+yVfTMi4UR6ACzlgmD3cuOIxLYYJ8Oa2pqTFiKs9DT9SyGoORzMIOhw55cG2cq2 bNb5xT/L/UAl02uROSQd9USWYQ+IE4/JlSOcyYIYiF78DJCveDLO2P8uzKumHYdhG+S3 Crmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731413382; x=1732018182; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=C5yoiCIbnfYVqtuOhaA52xkhwb/jYzZ8B6R0nk+AxS8=; b=eD/iZQrkVGMMRegD7NXCZmvSxaGzT2GaHfQHCvnK2k0mR43yrycY2wXBZSTja5Ipyf E5Lo/S2oxaYn+/m7UbMvVQbEms7fcIM83D6lOv9Hqrd8SqrE14BpRu1oe4kqjhJEo9aT qIReFfTpovzf/fyphUdiRvezvP2KxljC4oNd2ba1LLJdnzS4fed4yzt9LEWNfx2FcU/R upvjCC/lgOlMeVldV8ScQy4lZpSHLRGqNH4xbznx4DVao2+4AhkD6fnqzYEv5qDZqSGT uW7vP9fy4WHCBIXmjH0wtDlcJZdODvroYSQUxZV7hsreLaR/1kbrQA64Jxsh6N9ZURlu Hs3A== X-Gm-Message-State: AOJu0Ywifo0g5kUjsUiuudqDXEOpa3aSMYPOFq1xzP6v/Hi19iNeCg4E lSL6bLZx0LJlWAFxFULqrkm+43GjDiLM2tih38MbHt/9YyNL4QSHSRRFxSxp X-Google-Smtp-Source: AGHT+IEPdHWlVvnvudDmWpqe80Zo+AS83L2PLwQxJAWi8L2kA7E5px/aZCGz3drmwm1JlwrfaFg0sg== X-Received: by 2002:a05:6a21:339a:b0:1db:ec3e:c959 with SMTP id adf61e73a8af0-1dc2292f6fcmr23233217637.10.1731413381732; Tue, 12 Nov 2024 04:09:41 -0800 (PST) Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72407860a37sm10906286b3a.30.2024.11.12.04.09.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Nov 2024 04:09:41 -0800 (PST) From: Maxim Cournoyer To: Rodion Goritskov Subject: Re: [bug#72799] [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272] In-Reply-To: <87r0a5aeci.fsf@gmail.com> (Rodion Goritskov's message of "Sat, 31 Aug 2024 01:30:05 +0400") References: <87r0a5aeci.fsf@gmail.com> Date: Tue, 12 Nov 2024 21:09:34 +0900 Message-ID: <871pzg4ps1.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72799-done Cc: 72799-done@debbugs.gnu.org, ashish.is@lostca.se X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, Rodion Goritskov writes: > Hi! > > Patches apply and build fine. > > However, it looks like ffmpeg-4 and ffmpeg-6 triggers lots (~1000 for > ffmpeg-4 and ~700 for ffmpeg-6) package rebuilds. > ffmpeg-5 is fine, only 12 packages to be rebuild. > > Maybe ffmpeg-4 and ffmpeg-6 should be grafted (these CVEs looks scary) and patches for them send > in the separate branch? > > Need some experienced maintainers to understand how it should be resolved. It would have been better to build on a topic branch, but I've opted to take a shortcut here and push directly to master for this time. Closing! -- Thanks, Maxim From unknown Thu Aug 14 21:54:38 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 10 Dec 2024 12:24:19 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator