zesty has 3.2.2, which has fixes for the listed CVEs.
** Changed in: ffmpeg (Ubuntu)
Status: Invalid => Fix Released
** No longer affects: ffmpeg (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: ffmpeg (Ubuntu Xenial)
Importance: Undecided => Low
** Changed in: ffmpeg (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1647226
Title:
Debdiff mentioning the CVEs in the changelog is attached.
** Patch added: "debdiff for 2.8.10"
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+attachment/4790034/+files/ffmpeg_2.8.10.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
ok, could you add them to the changelog please?
(note that I "invalidated" the "devel" task, the xenial task is good; this
makes for better view in the sponsoring overview)
** Changed in: ffmpeg (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a
For 2.8.9 there are now CVEs available [1]:
CVE-2016-7502, CVE-2016-7785, CVE-2016-7905, CVE-2016-7562
1: https://ffmpeg.org/security.html
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7502
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7562
**
CVEs aren't available yet, but this fixes important security issues like:
https://trac.ffmpeg.org/ticket/5992
https://trac.ffmpeg.org/ticket/5994
** Bug watch added: FFmpeg Trac bug tracker #5992
https://trac.ffmpeg.org/ticket/5992
** Bug watch added: FFmpeg Trac bug tracker #5994