CVEs affecting ffmpeg 4.4.1 #2051
Assignees
Comments
|
I don't expect this going to be worked in the Kirkstone branch, as there is a new version already included in new Scarthgap release. |
|
This appears to also affect the newest release as well, which also includes ffmpeg 4.4.1. |
|
There appear to be a new batch of CVEs that affect ffmpeg 4.4.1. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
After running cve-check on the Kirkstone branch, several CVEs have been identified with ffmpeg 4.4.1.
I've experimented with applying the patches for these CVEs to ffmpeg 4.4.1. All of the patches have merge conflicts. Four of the CVE patches do not even appear to apply to files that exist in 4.4.1, meaning the CVE might not exist on 4.4.1, or is hidden somewhere else in the code. Upgrading ffmpeg might be the better solution, but 1c6c0f6 indicates there is a blocker from being able to upgrade ffmpeg. Will this be resolved so a newer version of ffmpeg can be used?
The text was updated successfully, but these errors were encountered: