From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 7A59A4CBA5 for ; Fri, 8 Aug 2025 11:57:33 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 76E6768CB8E; Fri, 8 Aug 2025 14:57:28 +0300 (EEST) Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 165CD68B9E4 for ; Fri, 8 Aug 2025 14:57:22 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id 5716C43933 for ; Fri, 8 Aug 2025 11:57:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1754654241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=y0bTpWlxA+aRTZ6hjynEk0wRFIotU6GMuI2tffX0nNU=; b=TYwQGNl38D8QbV5LgddsvrWTyvMNtY0uzuycMTvpcWkngaUd8wcgSQxnb2j1ffQLA/ccI+ r/p0auscluHl4hQR/h1Sxgnl8YWNOMf4FdjB58yigEyaaHRJ19by+f0ceu7fqmKo/3uYmz mQ95LrC28fxuzxdq2M3BhuLoRjlOHoFaTnZLJ6Zqt+LdEiUyEDAvNFcb35ID1RqYFQlTkJ HIWBuW/9xkJpBMwWalnArv805Iyme44jZ/1u4COsaiVmq2LPSRU3I5E6JPHfmWZ8TwcoB8 n2bm17WHiEOl5MH+djHXwxgJgylvT7kAX3kZpiRMa+6YyKgsm+I1GsnOtBbRhw== Date: Fri, 8 Aug 2025 13:57:20 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20250808115720.GF29660@pb2> References: <20250806103624.GW29660@pb2> MIME-Version: 1.0 In-Reply-To: <20250806103624.GW29660@pb2> X-GND-State: clean X-GND-Score: -70 X-GND-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdefgdduvdefjeehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuifetpfffkfdpucggtfgfnhhsuhgsshgtrhhisggvnecuuegrihhlohhuthemuceftddunecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfghrlhcuvffnffculdeftddmnecujfgurhepfffhvffukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefoihgthhgrvghlucfpihgvuggvrhhmrgihvghruceomhhitghhrggvlhesnhhivgguvghrmhgrhigvrhdrtggtqeenucggtffrrghtthgvrhhnpeeigeektdejudffjefhteegjedtgeettefggedthfejgfevhfetgeekjedtvdfhveenucfkphepgedurdeiiedrieehrddujeeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepgedurdeiiedrieehrddujeeipdhhvghloheplhhotggrlhhhohhsthdpmhgrihhlfhhrohhmpehmihgthhgrvghlsehnihgvuggvrhhmrgihvghrrdgttgdpnhgspghrtghpthhtohepuddprhgtphhtthhopehffhhmphgvghdquggvvhgvlhesfhhfmhhpvghgrdhorhhg X-GND-Sasl: michael@niedermayer.cc Subject: Re: [FFmpeg-devel] fuzzer and security issues X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============2460208269676785218==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============2460208269676785218== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="KtGdxSygEZ6AbQ8y" Content-Disposition: inline --KtGdxSygEZ6AbQ8y Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi On Wed, Aug 06, 2025 at 12:36:24PM +0200, Michael Niedermayer wrote: > Hi all >=20 > theres been a surge of new issues being reported in recent days. > And its affecting release schedule a bit >=20 > People having access to ffmpeg-security or ossfuzz, are welcome to > help with fixing them. > (general rule is check ML for the testcase filename, before working on a = case > or just ask me on IRC if iam working on a specific issue > we will have to figure out how to best coordinate) >=20 > People who want to help but have no access, mail me or send me a private = message on irc some statistics: we have 17 open security vulnerabilities in ossfuzz from these several have fixes, one is in an external lib (libopus) we have 57 open issues (not limited to security) in ossfuzz Also the rate of new issues seems going up and there are also now fully AI genrated reports, that is "google big sleep" This continuous stream of security issues is a factor in the 8.0 release being late. thx [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Some Animals are More Equal Than Others. - George Orwell's book Animal Farm --KtGdxSygEZ6AbQ8y Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCaJXmAwAKCRBhHseHBAsP q9BXAJ9clINa7TBXmf5HiiNyAJ870E9d+gCfdVmIdIHEVXwTD9JVZcafxD+fWLg= =g+In -----END PGP SIGNATURE----- --KtGdxSygEZ6AbQ8y-- --===============2460208269676785218== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============2460208269676785218==--