[FFmpeg-devel] FFmpeg Vulnerable to Denial-of-Service (DoS) via Heap-Based Buffer Overflow in 'cbs_jpeg.c' File

Narayanaswamy, Raghu Raghu.Narayanaswamy at Honeywell.com
Fri May 22 13:02:40 EEST 2020


Hi,



I heard that the security fix is already on the master branch[*] and will most likely be backported to the coming release 4.2.3, together with many other fixes.



I have the following queries.

1.  In the master branch, the ffversion.h version remains as "#define FFMPEG_VERSION "n4.2.1"", even though the current release version is 4.2.2.
2.  Is there any issue if the fix is taken directly from master? Does it mean it is not sufficiently tested/validated for production use?
3.  When is the scheduled release date for 4.2.3?



Regards,

Raghu


