https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288375
--- Comment #16 from [email protected] --- A commit in branch 2025Q3 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=b495a3116a24c78ec9a4a57b927bb7d6e6f50f13 commit b495a3116a24c78ec9a4a57b927bb7d6e6f50f13 Author: Matthias Andree <[email protected]> AuthorDate: 2025-07-21 23:15:02 +0000 Commit: Matthias Andree <[email protected]> CommitDate: 2025-07-27 20:24:03 +0000 multimedia/openh264: security update to v2.6.0 This includes a security fix: "- Fix potential bug in the codebase (Commit: 63db555e, PR: #3818)" which the 2.5.1 release described as "Fix decoder heap overflow vulnerability". <https://github.com/cisco/openh264/releases> But due to the other fixes, let's move to 2.6.0 right away. Requires gmp-api (GeckoMediaPlayer) API update to Firefox 135 to build. Changelog: https://github.com/cisco/openh264/blob/openh264v2.6.0/RELEASES#L4 Security: 03ba1cdd-4faf-11f0-af06-00a098b42aeb Security: CVE-2025-27091 PR: 288375 Approved by: ports-secteam@ (fernape@) MFH: 2025Q3 (needs gmp-api update) (cherry picked from commit dc94e017da770b37aeb0463f81dcdcbb64098223) multimedia/openh264/Makefile | 3 ++- multimedia/openh264/distinfo | 6 +++--- multimedia/openh264/pkg-plist | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.
