https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288375
--- Comment #13 from [email protected] --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=dc94e017da770b37aeb0463f81dcdcbb64098223 commit dc94e017da770b37aeb0463f81dcdcbb64098223 Author: Matthias Andree <[email protected]> AuthorDate: 2025-07-21 23:15:02 +0000 Commit: Matthias Andree <[email protected]> CommitDate: 2025-07-27 20:11:36 +0000 multimedia/openh264: security update to v2.6.0 This includes a security fix: "- Fix potential bug in the codebase (Commit: 63db555e, PR: #3818)" which the 2.5.1 release described as "Fix decoder heap overflow vulnerability". <https://github.com/cisco/openh264/releases> But due to the other fixes, let's move to 2.6.0 right away. Requires gmp-api (GeckoMediaPlayer) API update to Firefox 135 to build. Changelog: https://github.com/cisco/openh264/blob/openh264v2.6.0/RELEASES#L4 Security: 03ba1cdd-4faf-11f0-af06-00a098b42aeb Security: CVE-2025-27091 PR: 288375 Approved by: ports-secteam@ (fernape@) MFH: 2025Q3 (needs gmp-api update) multimedia/openh264/Makefile | 3 ++- multimedia/openh264/distinfo | 6 +++--- multimedia/openh264/pkg-plist | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.
