[Bug 203502] multimedia/ffmpeg -- multiple vulnerabilities

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Oct 2 18:20:33 UTC 2015


Jan Beich <jbeich at FreeBSD.org> changed:

           What    |Removed                     |Added
                 CC|                            |jbeich at FreeBSD.org
             Status|New                         |Closed
         Resolution|---                         |Works As Intended

--- Comment #1 from Jan Beich <jbeich at FreeBSD.org> ---
gstreamer1-libav was fixed by ports r397984 before 2015Q4 branched. 2015Q3
isn't supported since 2015-10-01. So, why are your gstreamr1* packages still at

A few ports maintained by multimedia@ are still affected: multimedia/avidemux
and multimedia/gstreamer-ffmpeg. avidemux is waiting for the next upstream
release. gstreamer-ffmpeg is not maintained upstream (entire 0.x series) and
needs either to be removed or having fixes backported. Depending on ffmpeg0
wouldn't help as that isn't maintained upstream as well.

Other ports in those VuXML entries mainly illustrate liability from not
respecting system libs[1]. Upstream of multimedia/libav probably has different
priorities unless all those vulnerabilites don't apply to their diverged code.

If you want a specific port fixed then it should be noted in Summary. Each port
requires different amount of work and has different maintainer. VuXML itself is
advisory in nature and can be ignored in certain cases (by default for
PACKAGE_BUILDING) or fixed if inaccurate.

[1] https://www.freebsd.org/doc/en/books/porters-handbook/bundled-libs.html

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-multimedia mailing list