[Bug 288375] multimedia/openh264: security update to v2.6.0, includes multimedia/gmp: update to Firefox135

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 288375] multimedia/openh264: security update to v2.6.0, includes multimedia/gmp: update to Firefox135"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 27 Jul 2025 20:12:23 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288375

--- Comment #13 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=dc94e017da770b37aeb0463f81dcdcbb64098223

commit dc94e017da770b37aeb0463f81dcdcbb64098223
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2025-07-21 23:15:02 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-07-27 20:11:36 +0000

    multimedia/openh264: security update to v2.6.0

    This includes a security fix:
    "- Fix potential bug in the codebase (Commit: 63db555e, PR: #3818)"
    which the 2.5.1 release described as
    "Fix decoder heap overflow vulnerability".
    <https://github.com/cisco/openh264/releases>

    But due to the other fixes, let's move to 2.6.0 right away.
    Requires gmp-api (GeckoMediaPlayer) API update to Firefox 135 to build.

    Changelog:     
https://github.com/cisco/openh264/blob/openh264v2.6.0/RELEASES#L4
    Security:       03ba1cdd-4faf-11f0-af06-00a098b42aeb
    Security:       CVE-2025-27091
    PR:             288375
    Approved by:    ports-secteam@ (fernape@)
    MFH:            2025Q3 (needs gmp-api update)

 multimedia/openh264/Makefile  | 3 ++-
 multimedia/openh264/distinfo  | 6 +++---
 multimedia/openh264/pkg-plist | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.