On Wed, Feb 26, 2014 at 02:30:47AM +0100, Michael Niedermayer wrote:
> > Yes, it's the latter: I didn't badmouth ffmpeg in any way: it was said that
> > libav
> > fixed less Google fuzzer samples than libav; for which I added my
> > observation that when
> > I looked at several CVE assignments for ffmpeg fixes the affected code
> > didn't exist in libav releases and that explains the difference in numbers.
> > That doesn't mean that ffmpeg is worse than libav, it simply means that the
> > code has diverged and different code is affected.
>
> I belive maybe some things are a bit mixed up here
> The "less fixes in libav" stuff was AFAIK a comparission between the
> libav and ffmpeg git master branches
I'm referring to issues listed on ffmpeg.org/security for which I checked
the applicability to libav as in Debian. One thing I remember was the
g2meet codec which wasn't in any libav branch in Debian.
Anyway, I don't have time to discuss this in depth.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]