[Cin] cve 2022-2566

Andrew Randrianasulu randrianasulu at gmail.com
Sun Oct 16 21:07:51 CEST 2022


вс, 16 окт. 2022 г., 20:53 Andrew Randrianasulu <randrianasulu at gmail.com>:

>
>
> вс, 16 окт. 2022 г., 19:54 Phyllis Smith <phylsmith2017 at gmail.com>:
>
>> Checked into GIT, the ffmpeg 5.1 patch 6 as Andrew had attached.  We will
>> have to remember to exclude this patch on the next ffmpeg upgrade (did not
>> think necessary to upgrade this soon to 5.1.2 after all).
>>
>
>
> from git log there was also patch related to vo9 + alpha encoding ... but
> may be we also can add it separately. Also, there was some discussion on
> ffmpeg-devel list on raising max. thread number for vp9 encoder for 4k and
> 8k video from 16 to 64 threads. Only relevant to big machines ....
>

http://ffmpeg.org/pipermail/ffmpeg-devel/2022-October/302633.html


vp9 alpha patch
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/db2d52e1ff74c89ee5b3da3c969e39a7135a17bf




>
> I also locally compiled cin with ffmpeg 5.1.2 so it turned out to be
> relatively painless - just remove old tar.xz, put new one, rename patches,
> and raise number in configure.ac
>
>>
>> On Sun, Oct 2, 2022 at 5:24 AM Andrew Randrianasulu via Cin <
>> cin at lists.cinelerra-gg.org> wrote:
>>
>>>
>>> https://github.com/google/security-research/security/advisories/GHSA-vhxg-9wfx-7fcj
>>>
>>> so I downloaded
>>>
>>>
>>> https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6f53f0d09ea4c9c7f7354f018a87ef840315207d
>>>
>>> and turned it into ffmpeg-5.1.patch6
>>> (attached)
>>>
>>> from description it sounds quite bad, so if this patch does not regress
>>> normal files we better to apply it or may be update whole ffmpeg to 5.1.2 ?
>>>
>>>
>>> --
>>> Cin mailing list
>>> Cin at lists.cinelerra-gg.org
>>> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>>>
>>

вс, 16 окт. 2022 г., 20:53 Andrew Randrianasulu <randrianasulu at gmail.com>:

>
>
> вс, 16 окт. 2022 г., 19:54 Phyllis Smith <phylsmith2017 at gmail.com>:
>
>> Checked into GIT, the ffmpeg 5.1 patch 6 as Andrew had attached.  We will
>> have to remember to exclude this patch on the next ffmpeg upgrade (did not
>> think necessary to upgrade this soon to 5.1.2 after all).
>>
>
>
> from git log there was also patch related to vo9 + alpha encoding ... but
> may be we also can add it separately. Also, there was some discussion on
> ffmpeg-devel list on raising max. thread number for vp9 encoder for 4k and
> 8k video from 16 to 64 threads. Only relevant to big machines ....
>
>
> I also locally compiled cin with ffmpeg 5.1.2 so it turned out to be
> relatively painless - just remove old tar.xz, put new one, rename patches,
> and raise number in configure.ac
>
>>
>> On Sun, Oct 2, 2022 at 5:24 AM Andrew Randrianasulu via Cin <
>> cin at lists.cinelerra-gg.org> wrote:
>>
>>>
>>> https://github.com/google/security-research/security/advisories/GHSA-vhxg-9wfx-7fcj
>>>
>>> so I downloaded
>>>
>>>
>>> https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6f53f0d09ea4c9c7f7354f018a87ef840315207d
>>>
>>> and turned it into ffmpeg-5.1.patch6
>>> (attached)
>>>
>>> from description it sounds quite bad, so if this patch does not regress
>>> normal files we better to apply it or may be update whole ffmpeg to 5.1.2 ?
>>>
>>>
>>> --
>>> Cin mailing list
>>> Cin at lists.cinelerra-gg.org
>>> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20221016/8d39fc17/attachment.htm>


More information about the Cin mailing list