[vlc-devel] Regarding "obscure" security problem

Felix Paul Kühne fkuehne.videolan at googlemail.com
Wed Dec 26 16:58:50 CET 2007

Am 26.12.2007 um 15:50 schrieb Rémi Denis-Courmont:

> I leave as an exercise to the reader to find out how to do the exact
> same thing using EXTVLCOPT inside a MP3 URL file.
> [...]
> Thank you for your attention, I hope you are enjoying the end of the
> year at least as much as I do.

I share your opinion on these points. These security problems should  
surely be solved. As there are currently 2 fixes already backported  
to the 0.8.6 branch, we may want to do a VLC 0.8.6e including these  
and secured implementations of both the M3U parser and the web plugins.

I'm not able to provide complete Mac OS X builds until the 5th of  
January, so I suggest to have the tarballs ready by the 4th so we can  
release as soon as possible when I get home. This way, there is  
enough time for us to end this discussion and actually implement the  
fixes. (Additionally, Pierre and me got time to fix 2 regressions in  
0.8.6d on OSX, but that's another point...) I do share Pierre's  
position to provide access to "save" options only for M3U files.  
Concerning the browser plugins, I fail to see the point of supporting  
any MRL features and would be glad to see the reasons why they're  
actually there...


More information about the vlc-devel mailing list