Reporting fixes so that vuxml can be updated

Michael Jung mikej at mikej.com
Wed Dec 23 14:06:59 UTC 2015


Hi,

"pkg audit" on my system returns the following CVEs for ffmpeg.  I have
noted in the list below that http://www.ffmpeg.org/security.html claims
these CVEs were fixed in the ffmpeg version noted.

Is this the correct place/list to report updates so that vuxml can be
updated?

I know there was a discussion about ports and security reporting and
updating but I don't remember an outcome.

Happy holidays,

--mikej



handbrake-0.10.2_2 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-6826      < Fixed in 2.7.2
CVE: CVE-2015-6825      < Fixed in 2.7.2
CVE: CVE-2015-6824      < Fixed in 2.7.2
CVE: CVE-2015-6823      < Fixed in 2.7.2
CVE: CVE-2015-6822      < Fixed in 2.7.2
CVE: CVE-2015-6821      < Fixed in 2.7.2
CVE: CVE-2015-6820      < Fixed in 2.7.2
CVE: CVE-2015-6819      < Fixed in 2.7.2
CVE: CVE-2015-6818      < Fixed in 2.7.2
WWW: https://vuxml.FreeBSD.org/freebsd/3d950687-b4c9-4a86-8478-c56743547af8.html

handbrake-0.10.2_2 is vulnerable:
ffmpeg -- use-after-free
CVE: CVE-2015-3417      < Fixed in 2.5.2
WWW: https://vuxml.FreeBSD.org/freebsd/da434a78-e342-4d9a-87e2-7497e5f117ba.html

handbrake-0.10.2_2 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8365      < Fixed in 2.4.12
CVE: CVE-2015-8364      < Fixed in 2.4.12
CVE: CVE-2015-8363      < Fixed in 2.4.12
CVE: CVE-2015-8219      < Fixed in 2.4.12
CVE: CVE-2015-8218      < Fixed in 2.8.2
CVE: CVE-2015-8217      < Fixed in 2.8.2
CVE: CVE-2015-8216      < Fixed in 2.8.2
CVE: CVE-2015-6761      < Fixed in 2.8.2
WWW: https://vuxml.FreeBSD.org/freebsd/b0da85af-21a3-4c15-a137-fe9e4bc86002.html

handbrake-0.10.2_2 is vulnerable:
ffmpeg -- out-of-bounds array access
CVE: CVE-2015-3395      < Fixed in 2.7
WWW: https://vuxml.FreeBSD.org/freebsd/80c66af0-d1c5-449e-bd31-63b12525ff88.html


