[x264-devel] How to report a vulnerability in libx264?
Janne Grunau
janne-x264 at jannau.net
Tue Nov 12 00:21:07 CET 2019
Hej,
On 2019-11-11 13:46:03 -0800, Natalie Silvanovich wrote:
>
> I was wondering if this list is the right place to report a security bug in
> libx264?
I guess opening an issue on
https://code.videolan.org/videolan/x264/issues (requires registration)
would be preferred since it allows marking security bug reports as not
publically visible until they are fixed.
I don't see many use cases where a security issue in libx264 is likely
to used in a way which requires postponing the disclosure until the
issue has been fixed. So reporting it on this mailing list would be fine
too. I trust your judgement on the impact of the bug and disclosure.
Thanks
Janne
More information about the x264-devel
mailing list