[Cin] cve 2022-2566

Andrew Randrianasulu randrianasulu at gmail.com
Sun Oct 16 19:53:54 CEST 2022


вс, 16 окт. 2022 г., 19:54 Phyllis Smith <phylsmith2017 at gmail.com>:

> Checked into GIT, the ffmpeg 5.1 patch 6 as Andrew had attached.  We will
> have to remember to exclude this patch on the next ffmpeg upgrade (did not
> think necessary to upgrade this soon to 5.1.2 after all).
>


from git log there was also patch related to vo9 + alpha encoding ... but
may be we also can add it separately. Also, there was some discussion on
ffmpeg-devel list on raising max. thread number for vp9 encoder for 4k and
8k video from 16 to 64 threads. Only relevant to big machines ....


I also locally compiled cin with ffmpeg 5.1.2 so it turned out to be
relatively painless - just remove old tar.xz, put new one, rename patches,
and raise number in configure.ac

>
> On Sun, Oct 2, 2022 at 5:24 AM Andrew Randrianasulu via Cin <
> cin at lists.cinelerra-gg.org> wrote:
>
>>
>> https://github.com/google/security-research/security/advisories/GHSA-vhxg-9wfx-7fcj
>>
>> so I downloaded
>>
>>
>> https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6f53f0d09ea4c9c7f7354f018a87ef840315207d
>>
>> and turned it into ffmpeg-5.1.patch6
>> (attached)
>>
>> from description it sounds quite bad, so if this patch does not regress
>> normal files we better to apply it or may be update whole ffmpeg to 5.1.2 ?
>>
>>
>> --
>> Cin mailing list
>> Cin at lists.cinelerra-gg.org
>> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20221016/fd2048e1/attachment.htm>


More information about the Cin mailing list