maintainer-feedback requested: [Bug 275057] audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 275057] audio/libsndfile: CVE-2022-33065 fix not available in quarterly branch"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 13 Nov 2023 16:49:01 UTC

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-multimedia
(Nobody) <multimedia@FreeBSD.org> for maintainer-feedback:
Bug 275057: audio/libsndfile: CVE-2022-33065 fix not available in quarterly
branch
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275057



--- Description ---
Commits a1f663e8d4a65 and 5dd1286fb9055, which fix the CVE-2022-33065 security
vulnerability in libsndfile, are only included in the main Git branch and not
in the quarterly 2023Q4 branch.

As I understand it, the commits need to be cherry-picked onto the 2023Q4 Git
branch for the fix to be included in the next build of the quarterly package
branch.