Le sunnuntaina 23. helmikuuta 2025, 11.12.36 UTC+2 Michael Niedermayer a écrit : > On Sun, Feb 23, 2025 at 09:56:35AM +0100, Michael Niedermayer wrote: > > I suggest > > 1. if you fix a security issue or apply a security fix, make sure it is > > backported to all supported releases > > 2. if you see a CVE # thats not on the security page, mail ffmpeg-security > > 3. If you see issues on trac that seem important, please make sure they > > are fixed and backported, having someone like carl who knew and maintained > > all issues would be quite usefull > > 4. Someone should cross check > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ffmpeg and our security > page and backported fixes and backport missing fixes and fix unfixed > issues.
I find these suggestions very agreeable... as long as someone else is responsible. Luckily, I am not on ffmpeg-security, so I have a rock-solid excuse. IMO, whoever "asked (...) why 5 security fixes are missing in 6.1 and from our security page" should be respectfully informed that FFmpeg is a volunteer organisation and lacks the human resources to necessary track CVEs. It probably won't make any difference in the end, but I find it better to admit that we don't do what we don't do than to give false hopes. -- Rémi Denis-Courmont Villeneuve de Tapiola, ex-République finlandaise d´Uusimaa _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
