[FFmpeg-devel] [PATCH 1/2] backport NULL pointer dereference fix / CVE-2019-17539 / 15733 clusterfuzz

Michael Niedermayer michael at niedermayer.cc
Fri Nov 15 13:54:59 EET 2019


On Thu, Nov 14, 2019 at 11:42:45PM +0100, Michael Niedermayer wrote:
> On Thu, Nov 14, 2019 at 03:01:29PM -0500, James Boyle wrote:
> > Hello,
> > 
> > This patch is nearly identical to commit
> > 8df6884832ec413cf032dfaa45c23b1c7876670c, but is intended to backport
> > the fix for CVE-2019-17539 to ffmpeg version 3.4.6, which is in use on
> > RHEL 7 systems that get ffmpeg from rpmfusion.
> > 
> > https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
> > 
> > ---
> >  libavcodec/utils.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> This and "[PATCH 2/2] backport out of array access fix / CVE-2019-17542 / 15919 clusterfuzz"
> and more than 200 other fixes 
> will be part of the next release from the 3.4 branch
> in fact i already have fixes for these 2 backported locally, just not pushed
> 
> ill try to get these pushed to the branch after a bit of sleep

pushed, feel free to check if something was missed

i intend to make a release of this in the next week(s) probably.

Thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20191115/b45621e5/attachment.sig>


More information about the ffmpeg-devel mailing list