On 2/23/2025 6:12 AM, Michael Niedermayer wrote:
> Hi
> 
> On Sun, Feb 23, 2025 at 09:56:35AM +0100, Michael Niedermayer wrote:
>> Hi all
>>
>> Today ffmpeg-security was asked why 5 security fixes are missing in 6.1
>> and from our security page.
>>
>> These issues where posted publically on trac, and fixed by FFmpeg developers.
>> Then someone seems to have registered CVE #s but not mailed ffmpeg-security
>>
>> I suggest
>> 1. if you fix a security issue or apply a security fix, make sure it is
>> backported to all supported releases
>> 2. if you see a CVE # thats not on the security page, mail ffmpeg-security
>> 3. If you see issues on trac that seem important, please make sure they
>> are fixed and backported, having someone like carl who knew and maintained
>> all issues would be quite usefull
> 
> 4. Someone should cross check
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ffmpeg and our security page
> and backported fixes and backport missing fixes and fix unfixed issues.

Why are there memory leaks with a CVE?

Also, CVE-2025-1373 is wrong, it doesn't apply to any release, only git 
master.

> 
> thx
> 
> [...]
> 
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".