From: bugzilla-noreply@freebsd.org
To: multimedia@FreeBSD.org
Subject: [Bug 203502] multimedia/ffmpeg -- multiple vulnerabilities
Date: Fri, 02 Oct 2015 18:20:33 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203502

Jan Beich changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jbeich@FreeBSD.org
             Status|New                         |Closed
         Resolution|---                         |Works As Intended

--- Comment #1 from Jan Beich ---
gstreamer1-libav was fixed by ports r397984 before 2015Q4 branched. 2015Q3
isn't supported since 2015-10-01. So, why are your gstreamer1* packages still
at 1.4.5?

A few ports maintained by multimedia@ are still affected: multimedia/avidemux
and multimedia/gstreamer-ffmpeg. avidemux is waiting for the next upstream
release. gstreamer-ffmpeg is not maintained upstream (entire 0.x series) and
needs either to be removed or to have fixes backported. Depending on ffmpeg0
wouldn't help as that isn't maintained upstream as well.

Other ports in those VuXML entries mainly illustrate liability from not
respecting system libs[1]. Upstream of multimedia/libav probably has different
priorities unless all those vulnerabilities don't apply to their diverged code.

If you want a specific port fixed then it should be noted in Summary. Each port
requires a different amount of work and has a different maintainer. VuXML itself
is advisory in nature and can be ignored in certain cases (by default for
PACKAGE_BUILDING) or fixed if inaccurate.

[1] https://www.freebsd.org/doc/en/books/porters-handbook/bundled-libs.html