[vlc-devel] VLC 1.1.11 coming
Rémi Denis-Courmont
remi at remlab.net
Sat Jul 9 09:54:23 CEST 2011
Le samedi 9 juillet 2011 02:40:15 Felix Kühne, vous avez écrit :
> On 08.07.2011, at 19:41, Rémi Denis-Courmont wrote:
> > Hello,
> >
> > Due to needed critical fixes, I expect VLC version 1.1.11 to be released
> > really soon. If you have pending patches or translations, please hurry up
> > and submit them to the vlc-devel or translators mailing list as
> > appropriate.
> >
> > And if you package VLC binaries, get ready...
>
> As you might have seen from the news, the latest iOS jail break
> (jailbreakme.com) is once again based upon a previously unknown
> libfreetype vulnerability. Since this library is part of VLC's Win32 and
> OS X packages, would it make sense to wait a few days for this additional
> fix?
While this is a good question, it raises more further questions:
1/ What is that vulnerability? The only hit I get is some 2010 stuff which was
fixed 11 months ago.
2/ Does MacOS not have FreeType if iOS does? If so, why does VLC for MacOS X
ship its own FreeType?
3/ Is it really a _security_ issue for VLC? If it requires the admin or the
user to install a corrupt font, it's a arguably a case of the user hacking his
own system. This is a problem for iOS, but not for VLC. Do we support fonts
embedded in media files?
--
Rémi Denis-Courmont
http://www.remlab.net/
http://fi.linkedin.com/in/remidenis
More information about the vlc-devel
mailing list