[FFmpeg-devel] Question re: CVE-2019-15942 and ffmpeg 3.4.6

Hello, I was wondering if anyone can verify whether or not CVE-2019-15942 affects ffmpeg version 3.4.6.  From trac ticket 8093 (https://trac.ffmpeg.org/ticket/8093), it looks like it was a "regression since 992532ee3122d7938a7581988eea401b57de8189".  I'm not well versed with git, but running "git

[FFmpeg-devel] [PATCH 1/2] backport NULL pointer dereference fix / CVE-2019-17539 / 15733 clusterfuzz

Hello, This patch is nearly identical to commit 8df6884832ec413cf032dfaa45c23b1c7876670c, but is intended to backport the fix for CVE-2019-17539 to ffmpeg version 3.4.6, which is in use on RHEL 7 systems that get ffmpeg from rpmfusion. https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032d

[FFmpeg-devel] [PATCH 2/2] backport out of array access fix / CVE-2019-17542 / 15919 clusterfuzz

Hello, This patch is nearly identical to commit 02f909dc24b1f05cfbba75077c7707b905e63cd2, but is intended to backport the fix for CVE-2019-17542 to ffmpeg version 3.4.6, which is in use on RHEL 7 systems that get ffmpeg from rpmfusion. https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba7