[vlc-devel] FYI: Serious bug in old LIVE555 library versions - affecting VLC
remi at remlab.net
Wed Nov 27 10:39:38 CET 2013
On Tue, 26 Nov 2013 20:49:02 -1000, Ross Finlayson <finlayson at live555.com>
> FYI, Yesterday I learned about a serious buffer-overflow bug in the
> LIVE555 library that affects VLC, and all other RTSP client applications
> that use the LIVE555 library. This bug could potentially allow an
> (with a malicious RTSP server) to cause cause arbitrary code to be
> in VLC.
Well that is good to know but where is the the patch?
You do realize that we have downstreams distrbutions (and our own
best-effort QA process), do you not? They cannot just take a whole new
live555 version if they need to fix one specific bug, even
Sent from my collocated server
More information about the vlc-devel