Vulnerable shared libraries might make hcmlab:libssj vulnerable. Can you help upgrade to patch versions?

[HelenParr]

Hi, @ionut-damian , @vchernobyl , I'd like to report a vulnerability issue in com.github.hcmlab:libssj:0.7.6.

Issue Description

com.github.hcmlab:libssj:0.7.6 directly or transitively depends on 102 C libraries (.so) cross many platforms(such as x86-64, x86, arm). However, I noticed that some C libraries are vulnerable, containing the following CVEs:

libandroid_dlib.so from C project opencv(version:3.1.0) exposed 18 vulnerabilities: CVE-2019-15939, CVE-2019-14491, CVE-2019-14493, CVE-2019-14492, CVE-2017-1000450, CVE-2017-12863, CVE-2017-12862, CVE-2017-12864, CVE-2017-12604, CVE-2017-12597, CVE-2017-12606, CVE-2017-12605, CVE-2017-12598, CVE-2017-12600, CVE-2017-12599, CVE-2017-12602, CVE-2017-12601, CVE-2017-12603 libavfilter.so libavformat.so libavcodec.so libpostproc.so libswresample.so libavdevice.so from C project FFmpeg(version:4.1.3) exposed 5 vulnerabilities: CVE-2019-13390, CVE-2019-13312, CVE-2019-17539, CVE-2019-17542, CVE-2019-15942

Suggested Vulnerability Patch Versions

opencv has fixed the vulnerabilities in versions >=4.1.1 FFmpeg has fixed the vulnerabilities in versions >=4.2.1

Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~ Best regards,