* [FFmpeg-devel] [PATCH] web/security: what not to post to ffmpeg-security
@ 2025-11-12 1:40 Michael Niedermayer via ffmpeg-devel
2025-11-12 1:41 ` [FFmpeg-devel] " James Almer via ffmpeg-devel
0 siblings, 1 reply; 3+ messages in thread
From: Michael Niedermayer via ffmpeg-devel @ 2025-11-12 1:40 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
src/security | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security b/src/security
index 0d5f8dd..65b25bc 100644
--- a/src/security
+++ b/src/security
@@ -1,4 +1,4 @@
-<p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a></p>
+<p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a>. Note, we have recently seen a spike in false positives. Make sure that what you report are real issues either by providing a PoC or by carefull human verification.</p>
<h2>FFmpeg git master</h2>
<p>
--
2.51.0
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* [FFmpeg-devel] Re: [PATCH] web/security: what not to post to ffmpeg-security
2025-11-12 1:40 [FFmpeg-devel] [PATCH] web/security: what not to post to ffmpeg-security Michael Niedermayer via ffmpeg-devel
@ 2025-11-12 1:41 ` James Almer via ffmpeg-devel
2025-11-12 2:27 ` Michael Niedermayer via ffmpeg-devel
0 siblings, 1 reply; 3+ messages in thread
From: James Almer via ffmpeg-devel @ 2025-11-12 1:41 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: James Almer
[-- Attachment #1.1.1: Type: text/plain, Size: 846 bytes --]
On 11/11/2025 10:40 PM, Michael Niedermayer via ffmpeg-devel wrote:
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> src/security | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/security b/src/security
> index 0d5f8dd..65b25bc 100644
> --- a/src/security
> +++ b/src/security
> @@ -1,4 +1,4 @@
> -<p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a></p>
> +<p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a>. Note, we have recently seen a spike in false positives. Make sure that what you report are real issues either by providing a PoC or by carefull human verification.</p>
"careful".
LGTM otherwise.
>
> <h2>FFmpeg git master</h2>
> <p>
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]
[-- Attachment #2: Type: text/plain, Size: 163 bytes --]
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* [FFmpeg-devel] Re: [PATCH] web/security: what not to post to ffmpeg-security
2025-11-12 1:41 ` [FFmpeg-devel] " James Almer via ffmpeg-devel
@ 2025-11-12 2:27 ` Michael Niedermayer via ffmpeg-devel
0 siblings, 0 replies; 3+ messages in thread
From: Michael Niedermayer via ffmpeg-devel @ 2025-11-12 2:27 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Michael Niedermayer
[-- Attachment #1.1: Type: text/plain, Size: 1180 bytes --]
On Tue, Nov 11, 2025 at 10:41:49PM -0300, James Almer via ffmpeg-devel wrote:
> On 11/11/2025 10:40 PM, Michael Niedermayer via ffmpeg-devel wrote:
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > src/security | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/security b/src/security
> > index 0d5f8dd..65b25bc 100644
> > --- a/src/security
> > +++ b/src/security
> > @@ -1,4 +1,4 @@
> > -<p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a></p>
> > +<p>Please report vulnerabilities to <a href="mailto:ffmpeg-security@ffmpeg.org">ffmpeg-security@ffmpeg.org</a>. Note, we have recently seen a spike in false positives. Make sure that what you report are real issues either by providing a PoC or by carefull human verification.</p>
>
> "careful".
changed
>
> LGTM otherwise.
applied
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 163 bytes --]
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-11-12 2:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-12 1:40 [FFmpeg-devel] [PATCH] web/security: what not to post to ffmpeg-security Michael Niedermayer via ffmpeg-devel
2025-11-12 1:41 ` [FFmpeg-devel] " James Almer via ffmpeg-devel
2025-11-12 2:27 ` Michael Niedermayer via ffmpeg-devel
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git