stabilizing 2.1.3 rather that 2.1.2 because the older version contains some vulnerabilities. it's not clear to me though whether all the vulnerabilities are solved in this version. commit e2665d7cdcb08c96a1a31bea6b3d9eaf5e1bd333 Author: Miroslav Šulc <fordfrog@gentoo.org> Date: Fri May 12 09:27:33 2023 +0200 media-libs/libmp4v2: bump to 2.1.3 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
x86 done
amd64 done
sparc done
arm done
ppc done
ppc64 done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2a2cffd6ad3268b681c1c6978162cee9353c19c commit d2a2cffd6ad3268b681c1c6978162cee9353c19c Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2023-05-17 07:12:56 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2023-05-17 07:12:56 +0000 media-libs/libmp4v2: dropped obsolete and vulnerable 2.0.0-r2 & 2.1.2 Bug: https://bugs.gentoo.org/906520 Bug: https://bugs.gentoo.org/905092 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> media-libs/libmp4v2/Manifest | 2 - .../files/libmp4v2-2.0.0-CVE-2018-14054.patch | 35 ------------- .../files/libmp4v2-2.0.0-CVE-2018-14325.patch | 60 ---------------------- .../files/libmp4v2-2.0.0-CVE-2018-14379.patch | 33 ------------ .../files/libmp4v2-2.0.0-CVE-2018-14403.patch | 28 ---------- .../libmp4v2/files/libmp4v2-2.0.0-clang.patch | 36 ------------- .../libmp4v2/files/libmp4v2-2.0.0-gcc7.patch | 18 ------- .../files/libmp4v2-2.0.0-mp4tags-corruption.patch | 20 -------- media-libs/libmp4v2/libmp4v2-2.0.0-r2.ebuild | 53 ------------------- media-libs/libmp4v2/libmp4v2-2.1.2.ebuild | 32 ------------ 10 files changed, 317 deletions(-)