[FFmpeg-user] 2.8.14 security updates

Reindl Harald h.reindl at thelounge.net
Tue May 15 23:14:49 EEST 2018

Am 15.05.2018 um 22:02 schrieb Bryan Duff:
> Is 2.8.14 up-to-date as far as known security issues (e.g CVE's) are
> concerned?
> Looking at CVE's for ffmpeg, some will say "3.x.y and before" - does that
> mean that they only affect 3.x?  If not and they affect 2.8.14, then there
> are a decent number that affect 2.8.14 (15 of them?)
> For example, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9608
> has commits in the 3.2, 3.3, and master branches, so I'm guessing 2.8 is
> not affected.  Just trying to make sure

while this list don't give a damn about anything then current master -
2.8.14 - seriously?

nobody can asnser that for sure because recent is 4.0 and it's imposible
by common sense to backport everything besides hope

3.0 was 2016-02-15
this is more than two years!

2.8 was 2015-09-09

in doubt the answer is simply "no"

More information about the ffmpeg-user mailing list