On 24.11.2011 17:53, D.Morgan wrote: > On Thu, Nov 24, 2011 at 1:58 PM, Thomas Backlund <t...@mageia.org> wrote: >> Philippe DIDIER skrev 24.11.2011 14:52: >>> >>> heavy dilemma ! heavy choice ! >>> - let ffmpeg not updated (with x264 support but with security problem) >> >> The proper thing is to identify the needed fixes and backport them. >> >>> - update ffmpeg disabling x264 support >> >> not an option >> >>> - update ffmpeg keeping x264 support but need to rebuild mass of >>> packages (not alone !!!!) and provide lots of updated rpms to QA ! >>> >> >> Absolutely not an option > > But how many packages are affected ? >
BTW, if you look at http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.7 you'll notice the the security issues mentioned here are just a tip of the iceberg, since there are hundreds of commits fixing buffer overflows and other similar issues in various codecs in the 0.7 stable branch alone. -- Anssi Hannula