http://advisories.mageia.org/MGASA-2015-0233.html
The linked advisory mentions updates to 2.6.6 while our avidemux26 ports are at 2.6.8 - so this is most likely not relevant to them.
Hmm correction: 2.6.8 is from 2014 while the CVEs are from up to 2015... And I see 2.6.9 is out so we should probably update to that.
I tried updating to 2.6.9 yesterday but got stuck at strange cmake errors, if someone wants to pick up from there... Patch: https://people.freebsd.org/~nox/tmp/avidemux-2.6.9-incomplete-001.patch (some plists probably still need fixing too) (partial) poudriere testport log including the cmake errors: https://people.freebsd.org/~nox/tmp/avidemux26-plugins-testport-001.log.txt CMakeError.log and CMakeOutput.log out of the jail: https://people.freebsd.org/~nox/tmp/avidemux26-plugins-CMakeError.log.txt https://people.freebsd.org/~nox/tmp/avidemux26-plugins-CMakeOutput.log.txt This was attempting to build multimedia/avideumux26-plugins, it is needed and depends on the other avidemux26 ports. Thanx! :) Juergen
(In reply to Juergen Lock from comment #3) On it...
Created attachment 157344 [details] Update to 2.6.9 Merge of nox's patch with my own modifications. svn diff relative to ${PORTSDIR}/multimedia
(In reply to Thomas Zander from comment #5) Build tested with poudriere in various OPTIONS permutations on 10-stable/amd64 and 9.3/i386. Using the resulting binary for actual editing jobs not yet tested :-)
A commit references this bug: Author: riggs Date: Mon Jun 1 18:58:38 UTC 2015 New revision: 388254 URL: https://svnweb.freebsd.org/changeset/ports/388254 Log: Update to upstream version 2.6.9 While on it: Pet portlint PR: 200507 Reported by: venture37@geeklan.co.uk Changes: head/multimedia/avidemux26/Makefile head/multimedia/avidemux26/Makefile.common head/multimedia/avidemux26/distinfo head/multimedia/avidemux26/files/patch-avidemux__core_ADM__core_src_ADM__memsupport.cpp head/multimedia/avidemux26/files/patch-avidemux__core_ffmpeg__package_patches_config.mak.diff head/multimedia/avidemux26/files/patch-avidemux__plugins_CMakeLists.txt head/multimedia/avidemux26/files/patch-avidemux_core-ffmpeg_package-patches-Makefile.patch head/multimedia/avidemux26/files/patch-avidemux_core-ffmpeg_package-patches-configure.patch head/multimedia/avidemux26/files/patch-avidemux_core-ffmpeg_package-patches-libavcodec-Makefile.patch head/multimedia/avidemux26/files/patch-avidemux_core_ADM_core_src_ADM_memsupport.cpp head/multimedia/avidemux26/files/patch-cmake_admCheckMiscLibs.cmake head/multimedia/avidemux26/files/patch-config.mak.diff head/multimedia/avidemux26/files/patch-libexecinfo head/multimedia/avidemux26/files/patch-po__CMakeLists.txt head/multimedia/avidemux26/pkg-plist head/multimedia/avidemux26-cli/Makefile head/multimedia/avidemux26-plugins/Makefile head/multimedia/avidemux26-plugins/pkg-plist head/multimedia/avidemux26-qt4/Makefile head/multimedia/avidemux26-qt4/pkg-plist
Actually, from reading the security advisory it does look like pre-2.6.8 versions were vulnerable as nox pointed out. I'll update vuxml accordingly.
A commit references this bug: Author: riggs Date: Mon Jun 1 19:37:58 UTC 2015 New revision: 388266 URL: https://svnweb.freebsd.org/changeset/ports/388266 Log: Add entry for vulnerable versions of avidemux2 and avidemux26 PR: 200507 Submitted by: venture37@geeklan.co.uk Changes: head/security/vuxml/vuln.xml