# gstreamer-ffmpeg port gives vulnerability and error when trying to update!



## teo (May 12, 2019)

Good morning!
Someone helps me to fix that port that the system detects vulnerability and gives error when trying to update?

# `portupgrade -f gstreamer-ffmpeg`

```
[Reading data from pkg(8) ... - 1219 packages found - done]
--->  Reinstalling 'gstreamer-ffmpeg-0.10.13_6' (multimedia/gstreamer-ffmpeg)
--->  Building '/usr/ports/multimedia/gstreamer-ffmpeg'
===>  Cleaning for gstreamer-ffmpeg-0.10.13_6
           ---------------------     ----------------      --------------
           ---------------------     ----------------      --------------

===>  gstreamer-ffmpeg-0.10.13_6 has known vulnerabilities:
gstreamer-ffmpeg-0.10.13_6 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8663
CVE: CVE-2015-8662
WWW: https://vuxml.FreeBSD.org/freebsd/4bae544d-06a3-4352-938c-b3bcbca89298.html

gstreamer-ffmpeg-0.10.13_6 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8365
CVE: CVE-2015-8364
CVE: CVE-2015-8363
CVE: CVE-2015-8219
CVE: CVE-2015-8218
CVE: CVE-2015-8217
CVE: CVE-2015-8216
CVE: CVE-2015-6761
WWW: https://vuxml.FreeBSD.org/freebsd/b0da85af-21a3-4c15-a137-fe9e4bc86002.html

gstreamer-ffmpeg-0.10.13_6 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-6826
CVE: CVE-2015-6825
CVE: CVE-2015-6824
CVE: CVE-2015-6823
CVE: CVE-2015-6822
CVE: CVE-2015-6821
CVE: CVE-2015-6820
CVE: CVE-2015-6819
CVE: CVE-2015-6818
WWW: https://vuxml.FreeBSD.org/freebsd/3d950687-b4c9-4a86-8478-c56743547af8.html

1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/multimedia/gstreamer-ffmpeg
*** Error code 1

Stop.
make: stopped in /usr/ports/multimedia/gstreamer-ffmpeg
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20190512-87520-kj87uq env UPGRADE_TOOL=portupgrade UPGRADE_PORT=gstreamer-ffmpeg-0.10.13_6 UPGRADE_PORT_VER=0.10.13_6 make
** Fix the problem and try again.
** Listing the failed packages (-:ignored / *:skipped / !:failed)
    ! multimedia/gstreamer-ffmpeg (gstreamer-ffmpeg-0.10.13_6)    (security vulnerabilities)
#
```


----------



## talsamon (May 13, 2019)

`portupgrade -m DISABLE_VULNERABILITIES=yes gstreamer-ffmpeg`


----------



## scottro (May 13, 2019)

It is good though, to check out the CVE's listed and see if you wish to risk the vulnerability. It may be that the vulnerability is something that won't affect you, such as it requiring physical access to the machine, but before doing DISABLE_VULNERABILTIES, you can always check and see if it is a real risk for you.  Basically, if you go to the link they give, it seems as if most of these depend upon you downloading a dangerous file, so it's probably ok if you're careful. These are from 2015, 4 years ago, last modified in March of 2018.


----------

