GNU bug report logs - #72799
[PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]

Previous Next

Package: guix-patches;

Reported by: ashish.is <at> lostca.se

Date: Sun, 25 Aug 2024 00:39:01 UTC

Severity: important

Tags: patch, security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #26 received at 72799-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Rodion Goritskov <rodion.goritskov <at> gmail.com>
Cc: 72799-done <at> debbugs.gnu.org, ashish.is <at> lostca.se
Subject: Re: [bug#72799] [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055,
 CVE-2024-7272]
Date: Tue, 12 Nov 2024 21:09:34 +0900

Hello,

Rodion Goritskov <rodion.goritskov <at> gmail.com> writes:

> Hi!
>
> Patches apply and build fine.
>
> However, it looks like ffmpeg-4 and ffmpeg-6 triggers lots (~1000 for
> ffmpeg-4 and ~700 for ffmpeg-6) package rebuilds.
> ffmpeg-5 is fine, only 12 packages to be rebuild.
>
> Maybe ffmpeg-4 and ffmpeg-6 should be grafted (these CVEs looks scary) and patches for them send
> in the separate branch?
>
> Need some experienced maintainers to understand how it should be resolved.

It would have been better to build on a topic branch, but I've opted to
take a shortcut here and push directly to master for this time.

Closing!

-- 
Thanks,
Maxim

This bug report was last modified 247 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #72799 [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]

GNU bug report logs - #72799
[PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]