Source: ffmpeg
Version: 7:8.0.1-3
Severity: grave

Dear maintainer, you may be aware of the recent high-profile security
vulnerability patched in libvpx (CVE-2026-2447).

Please be aware that while libvpx12 in the Sid archive is patched for
this, libvpx11 is not, and ffmpeg libraries libavcodec61 and
libavcodec-extra61 depend upon libvpx11, not libvpx12.

This leaves users of the likes of ffmpeg, blender, handbrake, kodi, and
linphone potentially vulnerable.

I've filed a bug against libvpx11 itself (#1128623). Hopefully its
maintainer will backport patches. Otherwise please can you look at
patching ffmpeg to use libvpx12.
