Request 1169718 accepted

- Address boo#1223215/CVE-2023-49501: add patch
  0001-avfilter-asrc_afirsrc-fix-by-one-smaller-allocation-.patch
- Address boo#1223235/CVE-2023-49502: add patch
  0001-avfilter-bwdif-account-for-chroma-sub-sampling-in-mi.patch
- Address boo#1222730/CVE-2023-49528: add patches
  0001-avfilter-af_dialoguenhance-fix-overreads.patch,
  0001-avfilter-af_dialoguenhance-simplify-channels-copy.patch,
  0001-avfilter-af_dialoguenhance-do-output-scaling-once.patch
- Address boo#1223070/CVE-2024-31578: add patch
  0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
- Address boo#1223085/CVE-2024-31582: add patch
  0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch

Cliff Zhao:

Hi jengelh:

For the CVE fixes.

A CVE patch should be named "packagename"-CVE-number.patch;

and the bug number and CVE number should be recorded at the end of the log entry, e.g.: (boo#1223087 CVE-2024-31585)

The log entry should start with Add xxx.patch, yyy.patch; see the openSUSE wikipedia.

In the SPEC file, you need to add a comment line, e.g.: # PATCH-FIX-UPSTREAM ffmpeg-5-CVE-2024-31582.patch CVE-2024-31582 bsc#1223085 jengelh@inai.de -- Fix heap buffer overflow and improve the performance by a little bit.

The reason for the uniform format is that the CVE fix is important and it will be checked with maintenance QA; the uniform format is easy to check and maintain, and it's easy for a script to filter. Some of the patches also need to be synced to SLE, and SLE has internal requirements. In this case, other people will need to re-format your submission to keep the log the same.

Thank you!
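
The naming rules from the comment above, expressed as a small Python check and run against one entry from this request. This is an added example, not an openSUSE or OBS tool; the regular expressions and function names are assumptions inferred from the comment's own examples, and the package name `ffmpeg-5` is taken from its SPEC line.

```python
import re

# Patterns inferred from the reviewer's examples; assumptions, not an official spec.
CVE = r"CVE-\d{4}-\d{4,}"
LOG_START = re.compile(r"^(?:- )?Add \S+\.patch")
LOG_TAIL = re.compile(r"\((?:boo|bsc)#\d+ " + CVE + r"\)$")
SPEC_TAG = re.compile(r"^# PATCH-FIX-UPSTREAM (\S+\.patch) (" + CVE +
                      r") (?:boo|bsc)#\d+ \S+@\S+ -- \S")

def check_patch_name(package, filename):
    """Patch file must be named <package>-<CVE id>.patch."""
    return re.fullmatch(re.escape(package) + "-" + CVE + r"\.patch", filename) is not None

def check_log_entry(entry):
    """Return the list of rule violations for one changelog entry."""
    text = " ".join(entry.split())  # fold wrapped continuation lines
    problems = []
    if not LOG_START.match(text):
        problems.append("does not start with 'Add xxx.patch'")
    if not LOG_TAIL.search(text):
        problems.append("bug and CVE number not at end of entry")
    return problems

def check_spec_comment(line):
    """SPEC tag line must name the patch, and the patch name must carry the CVE id."""
    m = SPEC_TAG.match(line.strip())
    return bool(m) and m.group(2) in m.group(1)

# Entry as submitted in this request.
SUBMITTED = """- Address boo#1223085/CVE-2024-31582: add patch
  0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch"""
# Constructed entry following the requested format.
CONFORMING = ("- Add ffmpeg-5-CVE-2024-31582.patch: fix heap buffer overflow "
              "(boo#1223085 CVE-2024-31582)")
# SPEC comment quoted from the review comment.
SPEC_LINE = ("# PATCH-FIX-UPSTREAM ffmpeg-5-CVE-2024-31582.patch CVE-2024-31582 "
             "bsc#1223085 jengelh@inai.de -- Fix heap buffer overflow and improve "
             "the performance by a little bit.")

if __name__ == "__main__":
    for name, entry in (("submitted", SUBMITTED), ("conforming", CONFORMING)):
        print(name, check_log_entry(entry) or "OK")
    print("spec comment OK:", check_spec_comment(SPEC_LINE))
```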

Request History
Jan Engelhardt

jengelh created request


Factory Auto

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto

factory-auto accepted review

Check script succeeded


Saul Goodman

licensedigger accepted review

The legal review is accepted preliminary. The package may require actions later on.


Marcus Rueckert

darix accepted review

Accepted review for by_group opensuse-review-team request 1169718 from user factory-auto


Ana Guerrero

anag+factory set openSUSE:Factory:Staging:L as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:L"


Ana Guerrero

anag+factory accepted review

Picked "openSUSE:Factory:Staging:L"


Ana Guerrero

anag+factory added factory-staging as a reviewer

Being evaluated by group "factory-staging"


Ana Guerrero

anag+factory accepted review

Unstaged from project "openSUSE:Factory:Staging:L"


Ana Guerrero

anag+factory set openSUSE:Factory:Staging:H as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:H"


Ana Guerrero

anag+factory accepted review

Picked "openSUSE:Factory:Staging:H"


Ana Guerrero

anag+factory accepted review

Staging Project openSUSE:Factory:Staging:H got accepted.


Ana Guerrero

anag+factory approved review

Staging Project openSUSE:Factory:Staging:H got accepted.


Ana Guerrero

anag+factory accepted request

Staging Project openSUSE:Factory:Staging:H got accepted.
