(Since two bugs were reopened and the status was set to "forwarded":)
Note that there will definitely be no "fix" within FFmpeg, simply because the FFmpeg developers do not believe that there is a bug that can be fixed. If Debian believes there is an issue, it can be fixed quickly: Just add --disable-asm to the configure line. So definitely no need to "forward" anything. If you decide to not "fix" the issue, please close the bug reports (again). Regarding the claim that "it's worth losing 15% of performance for security": I (strongly) believe it is worth losing 90% of performance for an actual security issue, so I am not sure I understand the argument. But I would also suggest you provide some tests to allow us to reproduce the numbers if you believe they are relevant. (Both "15%" and "lack of registers problem" are mostly wrong or not the point.) Carl Eugen