[OE-core] [PATCH 00/12] forward 12 CVE patches for ffmpeg
Otavio Salvador
otavio at ossystems.com.br
Thu May 15 16:46:12 UTC 2014
On Thu, May 15, 2014 at 5:51 AM, Paul Eggleton
<paul.eggleton at linux.intel.com> wrote:
> Hi Roy,
>
> On Thursday 15 May 2014 10:03:50 rongqing.li at windriver.com wrote:
>> From: Roy Li <rongqing.li at windriver.com>
>>
>> The following changes since commit 58417093d7ce83c8a2f683a356fddc23aaee5e8e:
>>
>> wic: Extend indirect string connection to support image names and rootfs
>> (2014-05-13 19:35:06 +0100)
>>
>> are available in the git repository at:
>>
>> git://git.pokylinux.org/poky-contrib roy/ffmpeg-1
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-1
>>
>> Yue Tao (12):
>> Security Advisory - ffmpeg - CVE-2014-2263
>> Security Advisory - ffmpeg - CVE-2013-0865
>> Security Advisory - ffmpeg - CVE-2014-2099
>> Security Advisory - ffmpeg - CVE-2013-0868
>> Security Advisory - ffmpeg - CVE-2013-0845
>> Security Advisory - ffmpeg - CVE-2013-0852
>> Security Advisory - ffmpeg - CVE-2013-0858
>> Security Advisory - ffmpeg - CVE-2013-0851
>> Security Advisory - ffmpeg - CVE-2013-0854
>> Security Advisory - ffmpeg - CVE-2013-0856
>> Security Advisory - ffmpeg - CVE-2013-0850
>> Security Advisory - ffmpeg - CVE-2013-0849
>
> Note that whilst we should apply these patches, they won't actually have any
> effect on unmodified builds because we do not use gst-ffmpeg's internal copy of
> ffmpeg, we use libav instead. So if any of these fixes apply to libav (or if
> there are equivalent fixes) we will need to apply them to libav.
And please rework the commit logs for:
ffmpeg: fix for Security Advisory CVE-2013-0849
or anything similar, per your personal choice. But please put the
recipe name as prefix.
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750
More information about the Openembedded-core
mailing list