[Bug 203502] multimedia/ffmpeg -- multiple vulnerabilities

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203502

Jan Beich <jbeich at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jbeich at FreeBSD.org
             Status|New                         |Closed
         Resolution|---                         |Works As Intended

--- Comment #1 from Jan Beich <jbeich at FreeBSD.org> ---
gstreamer1-libav was fixed by ports r397984 before 2015Q4 branched. 2015Q3
isn't supported since 2015-10-01. So, why are your gstreamr1* packages still at
1.4.5?

A few ports maintained by multimedia@ are still affected: multimedia/avidemux
and multimedia/gstreamer-ffmpeg. avidemux is waiting for the next upstream
release. gstreamer-ffmpeg is not maintained upstream (entire 0.x series) and
needs either to be removed or having fixes backported. Depending on ffmpeg0
wouldn't help as that isn't maintained upstream as well.

Other ports in those VuXML entries mainly illustrate liability from not
respecting system libs[1]. Upstream of multimedia/libav probably has different
priorities unless all those vulnerabilites don't apply to their diverged code.

If you want a specific port fixed then it should be noted in Summary. Each port
requires different amount of work and has different maintainer. VuXML itself is
advisory in nature and can be ignored in certain cases (by default for
PACKAGE_BUILDING) or fixed if inaccurate.

[1] https://www.freebsd.org/doc/en/books/porters-handbook/bundled-libs.html

-- 
You are receiving this mail because:
You are the assignee for the bug.