[vlc-devel] Regarding "obscure" security problem
Felix Paul Kühne
fkuehne.videolan at googlemail.com
Wed Dec 26 16:58:50 CET 2007
Am 26.12.2007 um 15:50 schrieb Rémi Denis-Courmont:
> I leave as an exercise to the reader to find out how to do the exact
> same thing using EXTVLCOPT inside a MP3 URL file.
>
> [...]
>
> Thank you for your attention, I hope you are enjoying the end of the
> year at least as much as I do.
I share your opinion on these points. These security problems should
surely be solved. As there are currently 2 fixes already backported
to the 0.8.6 branch, we may want to do a VLC 0.8.6e including these
and secured implementations of both the M3U parser and the web plugins.
I'm not able to provide complete Mac OS X builds until the 5th of
January, so I suggest to have the tarballs ready by the 4th so we can
release as soon as possible when I get home. This way, there is
enough time for us to end this discussion and actually implement the
fixes. (Additionally, Pierre and me got time to fix 2 regressions in
0.8.6d on OSX, but that's another point...) I do share Pierre's
position to provide access to "save" options only for M3U files.
Concerning the browser plugins, I fail to see the point of supporting
any MRL features and would be glad to see the reasons why they're
actually there...
Best,
Felix
More information about the vlc-devel
mailing list