[Bug 275057] audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch

Reply: bugzilla-noreply_a_freebsd.org: "maintainer-feedback requested: [Bug 275057] audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275057] audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275057] audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 275057] audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 13 Nov 2023 16:49:01 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275057

            Bug ID: 275057
           Summary: audio/libsndfile: CVE-2022-33065 fix not available in
                    quarterly branch
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: multimedia@FreeBSD.org
          Reporter: warisap237@mainmile.com
          Assignee: multimedia@FreeBSD.org
             Flags: maintainer-feedback?(multimedia@FreeBSD.org)

Commits a1f663e8d4a65 and 5dd1286fb9055, which fix the CVE-2022-33065 security
vulnerability in libsndfile, are only included in the main Git branch and not
in the quarterly 2023Q4 branch.

As I understand it, the commits need to be cherry-picked onto the 2023Q4 Git
branch for the fix to be included in the next build of the quarterly package
branch.

-- 
You are receiving this mail because:
You are the assignee for the bug.