Hi, @Piasy , @eritpchy , I'd like to report a vulnerability issue in com.github.piasy:AudioMixer:1.0.3.
Issue Description
com.github.piasy:AudioMixer:1.0.3 directly or transitively depends on 8 C libraries (.so) cross many platforms(such as x86-64, x86, arm64, armhf). However, I noticed that one C libraries is vulnerable, containing the following CVEs:
FFmpeg has fixed the vulnerabilities in versions >=4.4.1
Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects.
Could you please upgrade the above shared libraries to their patch versions?
Hi, @Piasy , @eritpchy , I'd like to report a vulnerability issue in com.github.piasy:AudioMixer:1.0.3.
Issue Description
com.github.piasy:AudioMixer:1.0.3 directly or transitively depends on 8 C libraries (.so) cross many platforms(such as x86-64, x86, arm64, armhf). However, I noticed that one C libraries is vulnerable, containing the following CVEs:
libaudio_mixer.sofrom C project ffmpeg(version:3.4.2) exposed 8 vulnerabilities: CVE-2018-1999012, CVE-2018-1999010, CVE-2018-1999015, CVE-2018-1999014, CVE-2018-14394, CVE-2018-1999011, CVE-2018-1999013, CVE-2018-15822Suggested Vulnerability Patch Versions
FFmpeg has fixed the vulnerabilities in versions >=4.4.1
Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?
Thanks for your help~ Best regards, Helen Parr