[Bug 2033955] Re: [SRU] New upstream bugfix releases 4.2.9, 4.4.4 and 5.1.3

Eduardo Barretto 2033955 at bugs.launchpad.net
Wed Sep 6 14:45:58 UTC 2023 

Luís are you reading my messages? 
You don't seem to be.
1. There's no need for an SRU for this
2. Part of the CVEs are already fixed and you are trying to fix it again.
3. You are trying to do version upgrades and that's not how Ubuntu works.

If you provide us with a debdiff that only contain the patches that are
needed to fix the vulnerabilities we will gladly sponsor it. But the way
you're still making the same mistakes and not following our guidance, we
won't sponsor until you address our comments.

** Changed in: ffmpeg (Ubuntu)
       Status: Fix Released => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2033955

Title:
  [SRU] New upstream bugfix releases 4.2.9, 4.4.4 and 5.1.3

Status in ffmpeg package in Ubuntu:
  Invalid

Bug description:
  [Impact]

  New upstream bugfix releases 4.2.9, 4.4.4 and 5.1.3 are available.

  These releases fix:
  * CVE-2022-48434 in Ubuntu 22.04 and
  * CVE-2022-3964, CVE-2022-3965 and CVE-2022-4907 in Ubuntu 23.04 and
  * many other bugs.

  [Test Plan]

  For each Ubuntu release being updated and each architecture of amd64, arm64, and other architectures that can be tested, run the following commands in a chroot, container or VM of that Ubuntu release and architecture:
  [Download the .dsc file for the update]
  $ sudo apt install build-essential
  $ dpkg-source -x $SOURCE_DSC
  $ cd ffmpeg-$UPSTREAM_VERSION
  $ debuild -us -uc
  [If required, install build dependencies and repeat the command]
  $ export LD_LIBRARY_PATH="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale"
  $ cd debian/standard
  $ make fate-rsync SAMPLES=fate-suite/
  $ make fate -k SAMPLES=fate-suite/

  [Where problems could occur]

  The bug fixes in this update could create regressions in other
  packages in the Ubuntu archive or in third-party software.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/2033955/+subscriptions

More information about the Ubuntu-sponsors mailing list