Hi

On Sun, Feb 23, 2025 at 09:56:35AM +0100, Michael Niedermayer wrote:
> Hi all
> 
> Today ffmpeg-security was asked why 5 security fixes are missing in 6.1
> and from our security page.
> 
> These issues where posted publically on trac, and fixed by FFmpeg developers.
> Then someone seems to have registered CVE #s but not mailed ffmpeg-security
> 
> I suggest
> 1. if you fix a security issue or apply a security fix, make sure it is
> backported to all supported releases
> 2. if you see a CVE # thats not on the security page, mail ffmpeg-security
> 3. If you see issues on trac that seem important, please make sure they
> are fixed and backported, having someone like carl who knew and maintained
> all issues would be quite usefull

4. Someone should cross check
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ffmpeg and our security page
and backported fixes and backport missing fixes and fix unfixed issues.

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The smallest minority on earth is the individual. Those who deny 
individual rights cannot claim to be defenders of minorities. - Ayn Rand