Re: [FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

2019-03-20 Thread Dominik 'Rathann' Mierzejewski
On Wednesday, 20 March 2019 at 19:18, Michael Niedermayer wrote: > On Wed, Mar 20, 2019 at 12:08:52PM +0100, Dominik 'Rathann' Mierzejewski > wrote: > > On Wednesday, 20 March 2019 at 00:48, Carl Eugen Hoyos wrote: > > > 2019-03-19 23:28 GMT+01:00, Dominik 'Rathann' Mierzejewski > > > : > > > >

Re: [FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

2019-03-20 Thread Dominik 'Rathann' Mierzejewski
On Wednesday, 20 March 2019 at 18:42, Michael Niedermayer wrote: > On Tue, Mar 19, 2019 at 11:28:01PM +0100, Dominik 'Rathann' Mierzejewski > wrote: > > Hello, > > please backport fixes for CVE-2019-9718 and CVE-2019-9721 to 3.4 > > and 4.0 branches. The relevant commits seem to be: > >

Re: [FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

2019-03-20 Thread Michael Niedermayer
On Wed, Mar 20, 2019 at 12:08:52PM +0100, Dominik 'Rathann' Mierzejewski wrote: > On Wednesday, 20 March 2019 at 00:48, Carl Eugen Hoyos wrote: > > 2019-03-19 23:28 GMT+01:00, Dominik 'Rathann' Mierzejewski > > : > > > > > Were the CVE IDs not known at the time these were pushed to master? > > >

Re: [FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

2019-03-20 Thread Michael Niedermayer
On Tue, Mar 19, 2019 at 11:28:01PM +0100, Dominik 'Rathann' Mierzejewski wrote: > Hello, > please backport fixes for CVE-2019-9718 and CVE-2019-9721 to 3.4 > and 4.0 branches. The relevant commits seem to be: > 1f00c97bc3475c477f3c468cf2d924d5761d0982 > 894995c41e0795c7a44f81adc4838dedc3932e65 >

Re: [FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

2019-03-20 Thread Carl Eugen Hoyos
2019-03-20 12:08 GMT+01:00, Dominik 'Rathann' Mierzejewski : > On Wednesday, 20 March 2019 at 00:48, Carl Eugen Hoyos wrote: >> 2019-03-19 23:28 GMT+01:00, Dominik 'Rathann' Mierzejewski >> : >> >> > Were the CVE IDs not known at the time these were pushed to master? >> >> No, how would this be

Re: [FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

2019-03-20 Thread Dominik 'Rathann' Mierzejewski
On Wednesday, 20 March 2019 at 00:48, Carl Eugen Hoyos wrote: > 2019-03-19 23:28 GMT+01:00, Dominik 'Rathann' Mierzejewski > : > > > Were the CVE IDs not known at the time these were pushed to master? > > No, how would this be possible? Easy: you can request the ID at https://cveform.mitre.org/

Re: [FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

2019-03-19 Thread Carl Eugen Hoyos
2019-03-19 23:28 GMT+01:00, Dominik 'Rathann' Mierzejewski : > Were the CVE IDs not known at the time these were pushed to master? No, how would this be possible? > Not having them in the commit log made it more difficult to find them. I thought the CVE's themselves contains the commits, no?

[FFmpeg-devel] backport fixes for CVE-2019-9718 and CVE-2019-9721

2019-03-19 Thread Dominik 'Rathann' Mierzejewski
Hello, please backport fixes for CVE-2019-9718 and CVE-2019-9721 to 3.4 and 4.0 branches. The relevant commits seem to be: 1f00c97bc3475c477f3c468cf2d924d5761d0982 894995c41e0795c7a44f81adc4838dedc3932e65 Thanks in advance. Were the CVE IDs not known at the time these were pushed to master? Not