[vlc-devel] VLC 1.1.11 coming

Rémi Denis-Courmont remi at remlab.net
Sat Jul 9 09:54:23 CEST 2011

Le samedi 9 juillet 2011 02:40:15 Felix Kühne, vous avez écrit :
> On 08.07.2011, at 19:41, Rémi Denis-Courmont wrote:
> > 	Hello,
> > 
> > Due to needed critical fixes, I expect VLC version 1.1.11 to be released
> > really soon. If you have pending patches or translations, please hurry up
> > and submit them to the vlc-devel or translators mailing list as
> > appropriate.
> > 
> > And if you package VLC binaries, get ready...
> As you might have seen from the news, the latest iOS jail break
> (jailbreakme.com) is once again based upon a previously unknown
> libfreetype vulnerability. Since this library is part of VLC's Win32 and
> OS X packages, would it make sense to wait a few days for this additional
> fix?

While this is a good question, it raises more further questions:
1/ What is that vulnerability? The only hit I get is some 2010 stuff which was 
fixed 11 months ago.
2/ Does MacOS not have FreeType if iOS does? If so, why does VLC for MacOS X 
ship its own FreeType?
3/ Is it really a _security_ issue for VLC? If it requires the admin or the 
user to install a corrupt font, it's a arguably a case of the user hacking his 
own system. This is a problem for iOS, but not for VLC. Do we support fonts 
embedded in media files?

Rémi Denis-Courmont

More information about the vlc-devel mailing list