275057 – audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch

Bug 275057 - audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch

Summary: audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch

Status:	Closed Overcome By Events

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-multimedia (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-11-13 16:49 UTC by warisap237
Modified:	2024-05-01 17:04 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (multimedia) alster: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description warisap237 2023-11-13 16:49:01 UTC

Commits a1f663e8d4a65 and 5dd1286fb9055, which fix the CVE-2022-33065 security vulnerability in libsndfile, are only included in the main Git branch and not in the quarterly 2023Q4 branch.

As I understand it, the commits need to be cherry-picked onto the 2023Q4 Git branch for the fix to be included in the next build of the quarterly package branch.

Comment 1 Geoff 2023-12-12 14:58:33 UTC

Also looking for this to be updated to 1.2.2_1

Thank you.  Cheers,
Geoff