[Cin] Libvpx vulnerability
Phyllis Smith
phylsmith2017 at gmail.com
Wed Oct 4 03:13:14 CEST 2023
Seems OK to me and compiled but 2 questions:
1. When I downloaded with the link you provided, it did not put a "v" in
the name - it was just libvpx-1.13.1.tar.gz so I am a little confused about
the difference.
2. I think we also need to include the 1.13.0 patch because it changes the
line from:
-#define DECLARE_ALIGNED(n, typ, val) typ val __attribute__((aligned(*n*
)))
+#define DECLARE_ALIGNED(n, typ, val) typ val __attribute__((aligned(
*64*)))
so I will do that if you concur?
On Tue, Oct 3, 2023 at 1:32 PM Andrew Randrianasulu via Cin <
cin at lists.cinelerra-gg.org> wrote:
>
>
> вт, 3 окт. 2023 г., 16:50 Andrew Randrianasulu <randrianasulu at gmail.com>:
>
>>
>>
>> вт, 3 окт. 2023 г., 11:56 Andrea paz via Cin <cin at lists.cinelerra-gg.org
>> >:
>>
>>> A vulnerability hole in the vpx library has come out these days. Do
>>> you think it is worth updating?
>>>
>>
>> I think yes, because we at 1.13.0 already ... may be we can just
>> add/apply relevant patches without touching main tarball?
>>
>
>
> so I tried to download new source directly from
>
> https://github.com/webmproject/libvpx/archive/v1.13.1/libvpx-v1.13.1.tar.gz
>
> renamed it libvpx-1.13.1.tar.gz (without "v") then put in thirdparty/src,
> renamed corresponding libvpx patch, edited configure.ac
> <http://confifure.ac> and now ffmpeg configures .... compiles ...
>
>
>> https://ubuntu.com/security/notices/USN-6403-1
>>> --
>>> Cin mailing list
>>> Cin at lists.cinelerra-gg.org
>>> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>>>
>> --
> Cin mailing list
> Cin at lists.cinelerra-gg.org
> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20231003/1b53e340/attachment.htm>
More information about the Cin
mailing list