[OE-core] [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches
Paul Eggleton
paul.eggleton at linux.intel.com
Fri May 16 11:09:00 UTC 2014
Hi Roy,
On Friday 16 May 2014 10:12:08 rongqing.li at windriver.com wrote:
> From: Roy Li <rongqing.li at windriver.com>
>
> Diff with V1: use ffmpeg as prefix of commit header
>
> The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:
>
> gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
>
> are available in the git repository at:
>
> git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2
>
> Yue Tao (12):
> ffmpeg: fix for Security Advisory CVE-2014-2263
> ffmpeg: fix for Security Advisory CVE-2013-0865
> ffmpeg: fix for Security Advisory CVE-2014-2099
> ffmpeg: fix for Security Advisory CVE-2013-0868
> ffmpeg: fix for Security Advisory CVE-2013-0845
> ffmpeg: fix for Security Advisory CVE-2013-0852
> ffmpeg: fix for Security Advisory CVE-2013-0858
> ffmpeg: fix for Security Advisory CVE-2013-0851
> ffmpeg: fix for Security Advisory CVE-2013-0854
> ffmpeg: fix for Security Advisory CVE-2013-0856
> ffmpeg: fix for Security Advisory CVE-2013-0850
> ffmpeg: fix for Security Advisory CVE-2013-0849
This should really be "gst-ffmpeg:" rather than just "ffmpeg:" since that's the
recipe being modified.
Also, I'm not sure if you got my message yesterday (since there was a problem
with the email transmission) however I'll repeat it here just in case:
> Note that whilst we should apply these patches, they won't actually have any
> effect on unmodified builds because we do not use gst-ffmpeg's internal
> copy of ffmpeg, we use libav instead. So if any of these fixes apply to
> libav (or if there are equivalent fixes) we will need to apply them to
> libav.
Would you be able to take care of the corresponding patches to libav?
Thanks,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre
More information about the Openembedded-core
mailing list