# gstreamer-ffmpeg vulnerability!



## teo (Jun 24, 2019)

Hello!

*gstreamer-ffmpeg* This necessary dependency for audio or video the  system detects vulnerability, someone maintaining this multimedia/gstreamer-ffmpeg port?


# `pkg audit`

```
gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-6826
CVE: CVE-2015-6825
CVE: CVE-2015-6824
CVE: CVE-2015-6823
CVE: CVE-2015-6822
CVE: CVE-2015-6821
CVE: CVE-2015-6820
CVE: CVE-2015-6819
CVE: CVE-2015-6818
WWW: https://vuxml.FreeBSD.org/freebsd/3d950687-b4c9-4a86-8478-c56743547af8.html

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8365
CVE: CVE-2015-8364
CVE: CVE-2015-8363
CVE: CVE-2015-8219
CVE: CVE-2015-8218
CVE: CVE-2015-8217
CVE: CVE-2015-8216
CVE: CVE-2015-6761
WWW: https://vuxml.FreeBSD.org/freebsd/b0da85af-21a3-4c15-a137-fe9e4bc86002.html

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8663
CVE: CVE-2015-8662
WWW: https://vuxml.FreeBSD.org/freebsd/4bae544d-06a3-4352-938c-b3bcbca89298.html

3 problem(s) in 1 installed package(s) found.
#
```


----------



## Alain De Vos (Jun 24, 2019)

gstreamer-ffmpeg links to ffmpeg0 which expires.
But there is gstreamer1-libav , and many other gstreamer plugins available.


----------



## shkhln (Jun 24, 2019)

Those CVEs do not look like they would be applicable to gstreamer-ffmpeg at all.



teo said:


> This necessary dependency for audio or video the system detects vulnerability



Why do you even care? The only thing you can do as a regular user is either update or remove packages. Since you do not seem to be willing to remove packages, you might as well forget about `pkg audit` and just run `pkg update` once a week.


----------



## shkhln (Jun 24, 2019)

shkhln said:


> Those CVEs do not look like they would be applicable to gstreamer-ffmpeg at all.



Ok, so that thing actually bundles libav 0.7.7. Way too old.


----------

