[OE-core] [PATCH 1/1] ffmpeg: backport patches to fix 12 CVEs
ChenQi
Qi.Chen at windriver.com
Tue Sep 26 07:57:21 UTC 2017
On 09/26/2017 03:43 PM, Alexander Kanavin wrote:
> On 09/26/2017 10:43 AM, Chen Qi wrote:
>> Backport patches to fix the following CVEs.
>>
>> CVE-2017-14054
>> CVE-2017-14055
>> CVE-2017-14056
>> CVE-2017-14057
>> CVE-2017-14058
>> CVE-2017-14059
>> CVE-2017-14169
>> CVE-2017-14170
>> CVE-2017-14171
>> CVE-2017-14222
>> CVE-2017-14223
>> CVE-2017-14225
>
> I'd rather just update to 3.3.4. A lot less patch clutter, a lot less
> chance of an important fix (CVE or not) having been missed, and it's
> rather unlikely there's something that breaks compared to 3.3.3, as
> feature development happens in a separate master branch.
>
> Alex
>
I agree with you. I have tried to do the upgrade, and it's easy.
However, at the current stage, it's unlikely for an upgrade patch to be
accepted. That's why I did the backport.
Best Regards,
Chen Qi
More information about the Openembedded-core
mailing list