#72799 - [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]

Package	Source(s)		Maintainer(s)
guix-patches		PTS Buildd Popcon

Message #21 received at 72799@debbugs.gnu.org (full text, mbox, reply):

Received: (at 72799) by debbugs.gnu.org; 30 Aug 2024 21:32:15 +0000
From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 30 17:32:14 2024
Received: from localhost ([127.0.0.1]:53530 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1sk9E6-0004aE-OD
	for submit@debbugs.gnu.org; Fri, 30 Aug 2024 17:32:14 -0400
Received: from mail-lj1-f174.google.com ([209.85.208.174]:53305)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rodion.goritskov@gmail.com>) id 1sk9E5-0004Zz-6i
 for 72799@debbugs.gnu.org; Fri, 30 Aug 2024 17:32:13 -0400
Received: by mail-lj1-f174.google.com with SMTP id
 38308e7fff4ca-2f029e9c9cfso27147121fa.2
 for <72799@debbugs.gnu.org>; Fri, 30 Aug 2024 14:31:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1725053409; x=1725658209; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=fXOAsJUCuMCOsOP3rLRcEB/wQS2ElapL4FcC/3y0pWQ=;
 b=f62ABd3Y3zq/9iR/4IfbmqbtsDwBb2PtdXwEnMZE2ckZqAwQh1zhU5pUIIGCz7CXfv
 CWZUB6D2kHqdNP5QqiqMNdThV9EJwfU1pW9p6ss6Yt8hXU4vyfw3AvCsdB2OStUuHivp
 ZqafRu0PY9sjfTz30zB7qjqG0yajsF+pc7sye2JB11G05VGeiNL7yCrPbUJgHC5p/Zfm
 R1k96j4wOJpBSTz9wzpFV9hc9eXxEa1fc45xLNxsjOXVWXPImC3fPvUGblwFUa9CtP2I
 4HGzBSQFpnGid0eSkETMXrGM9sbOnReoQ9uA3Ax+crm1Md2Q59CRbV7dh8VokZ7YGZZo
 NK9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1725053409; x=1725658209;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=fXOAsJUCuMCOsOP3rLRcEB/wQS2ElapL4FcC/3y0pWQ=;
 b=rQpAhEGW1njDn22XeBMONA+X8sxt6wHWGDXRd8zgvz4ijWQe0xOg6/4wrFTXaHgYZ4
 VLx44JBe1Zp1T47D5HekrW4dYkE+Ikrem026Q7QkxjP6J8i66XagVxkIK4H5eWwQEsBK
 aiY2DFkSLgLQ4PPOIWFxd/4yl+cKKuhqdASkYQsE7zRVYmHosfMv1fKVxSGuHDcn/0ze
 SoAP3IXcCYfTf0/v8o7ffP0aPVlvzKuTg4YpJJSrC1X+RKS0Ndn7TDam9iwlgokovf3n
 K5hmgoDfalhurkF83vTf22pa2MyWSnrPfHb5Or6y4BjOHKCYrxmgiiVBuzR5IN0VThkr
 J3KQ==
X-Gm-Message-State: AOJu0YyVMaswrd0E0wDGZQrmatt1WA7kbD9iDzc8m4qRpFMi5BJhOvlb
 sRBUwE6GCu/QZO3prUft3H3Qf+f20XThqDM7Zb3J4H9CJZrE1R/wRFSeC2tVpqs=
X-Google-Smtp-Source: AGHT+IHTqWJMnUfMPoSvJVtN4XqL+4AvGIRiViJVixe4auOSS+ihzOHNHqdcoKnCDydnMmd/yVOPPg==
X-Received: by 2002:a2e:b8d6:0:b0:2f1:750d:53a7 with SMTP id
 38308e7fff4ca-2f6105c4993mr70667541fa.8.1725053408470; 
 Fri, 30 Aug 2024 14:30:08 -0700 (PDT)
Received: from bumblebee-mighty ([92.51.75.166])
 by smtp.gmail.com with ESMTPSA id
 38308e7fff4ca-2f614f007aasm8413871fa.38.2024.08.30.14.30.07
 for <72799@debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 30 Aug 2024 14:30:08 -0700 (PDT)
From: Rodion Goritskov <rodion.goritskov@gmail.com>
To: 72799@debbugs.gnu.org
Subject: Re: [bug#72799] [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055,
 CVE-2024-7272]
In-Reply-To: <cover.1724546078.git.ashish.is@lostca.se> (ashish is's message
 of "Sun, 25 Aug 2024 00:34:50 +0000")
References: <cover.1724546078.git.ashish.is@lostca.se>
Date: Sat, 31 Aug 2024 01:30:05 +0400
Message-ID: <87r0a5aeci.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 72799
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi!

Patches apply and build fine.

However, it looks like ffmpeg-4 and ffmpeg-6 triggers lots (~1000 for
ffmpeg-4 and ~700 for ffmpeg-6) package rebuilds.
ffmpeg-5 is fine, only 12 packages to be rebuild.

Maybe ffmpeg-4 and ffmpeg-6 should be grafted (these CVEs looks scary) and patches for them send
in the separate branch?

Need some experienced maintainers to understand how it should be resolved.

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Jan 5 07:42:26 2025; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#72799 [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272]