[OE-core] [PATCH 00/12] forward 12 CVE patches for ffmpeg

Paul Eggleton paul.eggleton at linux.intel.com
Thu May 15 08:51:31 UTC 2014


Hi Roy,

On Thursday 15 May 2014 10:03:50 rongqing.li at windriver.com wrote:
> From: Roy Li <rongqing.li at windriver.com>
> 
> The following changes since commit 58417093d7ce83c8a2f683a356fddc23aaee5e8e:
> 
>   wic: Extend indirect string connection to support image names and rootfs
> (2014-05-13 19:35:06 +0100)
> 
> are available in the git repository at:
> 
>   git://git.pokylinux.org/poky-contrib roy/ffmpeg-1
>   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-1
> 
> Yue Tao (12):
>   Security Advisory - ffmpeg - CVE-2014-2263
>   Security Advisory - ffmpeg - CVE-2013-0865
>   Security Advisory - ffmpeg - CVE-2014-2099
>   Security Advisory - ffmpeg - CVE-2013-0868
>   Security Advisory - ffmpeg - CVE-2013-0845
>   Security Advisory - ffmpeg - CVE-2013-0852
>   Security Advisory - ffmpeg - CVE-2013-0858
>   Security Advisory - ffmpeg - CVE-2013-0851
>   Security Advisory - ffmpeg - CVE-2013-0854
>   Security Advisory - ffmpeg - CVE-2013-0856
>   Security Advisory - ffmpeg - CVE-2013-0850
>   Security Advisory - ffmpeg - CVE-2013-0849

Note that whilst we should apply these patches, they won't actually have any 
effect on unmodified builds because we do not use gst-ffmpeg's internal copy of 
ffmpeg, we use libav instead. So if any of these fixes apply to libav (or if 
there are equivalent fixes) we will need to apply them to libav.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre



More information about the Openembedded-core mailing list