[vlc-devel] FYI: Serious bug in old LIVE555 library versions - affecting VLC
Rémi Denis-Courmont
remi at remlab.net
Wed Nov 27 10:39:38 CET 2013
Hello,
On Tue, 26 Nov 2013 20:49:02 -1000, Ross Finlayson <finlayson at live555.com> wrote:
> FYI, Yesterday I learned about a serious buffer-overflow bug in the
> LIVE555 library that affects VLC, and all other RTSP client applications
> that use the LIVE555 library. This bug could potentially allow an attacker
> (with a malicious RTSP server) to cause arbitrary code to be executed
> in VLC.
Well, that is good to know, but where is the patch?
You do realize that we have downstream distributions (and our own
best-effort QA process), do you not? They cannot just take a whole new
live555 version if they need to fix one specific bug, even
security-related.
Regards,
--
Rémi Denis-Courmont
Sent from my collocated server