gstreamer-ffmpeg vulnerability!

[teo]

Hello!

gstreamer-ffmpeg This necessary dependency for audio or video the system detects vulnerability, someone maintaining this multimedia/gstreamer-ffmpeg port?


# pkg audit

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-6826
CVE: CVE-2015-6825
CVE: CVE-2015-6824
CVE: CVE-2015-6823
CVE: CVE-2015-6822
CVE: CVE-2015-6821
CVE: CVE-2015-6820
CVE: CVE-2015-6819
CVE: CVE-2015-6818
WWW: https://vuxml.FreeBSD.org/freebsd/3d950687-b4c9-4a86-8478-c56743547af8.html

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8365
CVE: CVE-2015-8364
CVE: CVE-2015-8363
CVE: CVE-2015-8219
CVE: CVE-2015-8218
CVE: CVE-2015-8217
CVE: CVE-2015-8216
CVE: CVE-2015-6761
WWW: https://vuxml.FreeBSD.org/freebsd/b0da85af-21a3-4c15-a137-fe9e4bc86002.html

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8663
CVE: CVE-2015-8662
WWW: https://vuxml.FreeBSD.org/freebsd/4bae544d-06a3-4352-938c-b3bcbca89298.html

3 problem(s) in 1 installed package(s) found.
#

 

[Alain De Vos]

gstreamer-ffmpeg links to ffmpeg0 which expires.
But there is gstreamer1-libav , and many other gstreamer plugins available.

 

[shkhln]

Those CVEs do not look like they would be applicable to gstreamer-ffmpeg at all.

This necessary dependency for audio or video the system detects vulnerability

Why do you even care? The only thing you can do as a regular user is either update or remove packages. Since you do not seem to be willing to remove packages, you might as well forget about pkg audit and just run pkg update once a week.

 

[shkhln]

Those CVEs do not look like they would be applicable to gstreamer-ffmpeg at all.

Ok, so that thing actually bundles libav 0.7.7. Way too old.