GNU bug report logs - #72799
[PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]

Previous Next

Package: guix-patches;

Reported by: ashish.is <at> lostca.se

Date: Sun, 25 Aug 2024 00:39:01 UTC

Severity: important

Tags: patch, security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #21 received at 72799 <at> debbugs.gnu.org (full text, mbox):

From: Rodion Goritskov <rodion.goritskov <at> gmail.com>
To: 72799 <at> debbugs.gnu.org
Subject: Re: [bug#72799] [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055,
 CVE-2024-7272]
Date: Sat, 31 Aug 2024 01:30:05 +0400

Hi!

Patches apply and build fine.

However, it looks like ffmpeg-4 and ffmpeg-6 triggers lots (~1000 for
ffmpeg-4 and ~700 for ffmpeg-6) package rebuilds.
ffmpeg-5 is fine, only 12 packages to be rebuild.

Maybe ffmpeg-4 and ffmpeg-6 should be grafted (these CVEs looks scary) and patches for them send
in the separate branch?

Need some experienced maintainers to understand how it should be resolved.

This bug report was last modified 247 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #72799 [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]

GNU bug report logs - #72799
[PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]