GNU bug report logs - #72799
[PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]


Package: guix-patches;

Reported by: ashish.is <at> lostca.se

Date: Sun, 25 Aug 2024 00:39:01 UTC

Severity: important

Tags: patch, security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: ashish.is <at> lostca.se
Subject: bug#72799: closed (Re: [bug#72799] [PATCH 0/3] ffmpeg updates
 [fixes CVE-2024-7055, CVE-2024-7272])
Date: Tue, 12 Nov 2024 12:11:03 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#72799: [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 72799 <at> debbugs.gnu.org.

-- 
72799: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=72799
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Rodion Goritskov <rodion.goritskov <at> gmail.com>
Cc: 72799-done <at> debbugs.gnu.org, ashish.is <at> lostca.se
Subject: Re: [bug#72799] [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055,
 CVE-2024-7272]
Date: Tue, 12 Nov 2024 21:09:34 +0900
Hello,

Rodion Goritskov <rodion.goritskov <at> gmail.com> writes:

> Hi!
>
> Patches apply and build fine.
>
> However, it looks like ffmpeg-4 and ffmpeg-6 trigger lots (~1000 for
> ffmpeg-4 and ~700 for ffmpeg-6) of package rebuilds.
> ffmpeg-5 is fine, only 12 packages to be rebuilt.
>
> Maybe ffmpeg-4 and ffmpeg-6 should be grafted (these CVEs look scary) and patches for them sent
> in a separate branch?
>
> Need some experienced maintainers to understand how it should be resolved.

It would have been better to build on a topic branch, but I've opted to
take a shortcut here and push directly to master for this time.

Closing!

-- 
Thanks,
Maxim

[Message part 3 (message/rfc822, inline)]
From: ashish.is <at> lostca.se
To: guix-patches <at> gnu.org
Cc: Ashish SHUKLA <ashish.is <at> lostca.se>
Subject: [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]
Date: Sun, 25 Aug 2024 00:34:50 +0000
From: Ashish SHUKLA <ashish.is <at> lostca.se>

Hi,

The attached series of patches updates ffmpeg to the latest versions, which fix
the following vulnerabilities:

CVE-2024-7055
CVE-2024-7272

Thanks!

Ashish SHUKLA (3):
  gnu: ffmpeg: Update to 6.1.2 [fixes CVE-2024-7055].
  gnu: ffmpeg-5: Update to 5.1.6 [fixes CVE-2024-7055, CVE-2024-7272].
  gnu: ffmpeg-4: Update to 4.4.5 [fixes CVE-2024-7055].

 gnu/packages/video.scm | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)


base-commit: f25ea6847fa4eb1bc0a6bfb965e145b94f20a6f8
-- 
2.46.0




This bug report was last modified 247 days ago.
