Hello all, hello Christian,
TLDR: I am kindly asking if it would be possible to update ffmpeg to fix
recent CVEs.
Ubuntu has released a new ffmpeg Version, that fixes security issues:
https://ubuntu.com/security/notices/USN-7830-1
Ubuntu is at version 6.1.1 of ffmpeg in their most recent LTS distro.
The ffmpeg package I get from deb-multimedia.org is at the latest
version available from that repo. I see in
/usr/share/doc/ffmpeg/changelog.Debian.gz:
ffmpeg-dmo (10:6.0.1-dmo0+deb12u1) stable; urgency=medium
* New upstream release.
+ Fix CVE-2023-47342: Privilege Escalation.
-- Christian Marillat <marillat@???> Sat, 18 Nov
2023 15:44:45 +0100
Which seems to imply that the recent CVEs:
*
https://ubuntu.com/security/CVE-2025-10256
*
https://ubuntu.com/security/CVE-2025-6605
that Ubuntu fixes in their packages are not yet fixed in the ffmpeg
version available in the deb-multimedia.org ffmpeg package.
I am kindly asking if it would be possible to update the ffmpeg in
deb-multimedia.org to include the recent CVE fixes.
I could probably organise a bit of sponsorship for the release of an
updated package.
?
Thanks a lot for deb-multimedia,
*t
