[x264-devel] How to report a vulnerability in libx264?

Natalie Silvanovich natashenka at google.com
Tue Nov 12 01:21:00 CET 2019


Thanks, I put it in the bug tracker!

On Mon, Nov 11, 2019 at 3:21 PM Janne Grunau <janne-x264 at jannau.net> wrote:

> Hej,
>
> On 2019-11-11 13:46:03 -0800, Natalie Silvanovich wrote:
> >
> > I was wondering if this list is the right place to report a security bug
> in
> > libx264?
>
> I guess opening an issue on
> https://code.videolan.org/videolan/x264/issues (requires registration)
> would be preferred since it allows marking security bug reports as not
> publically visible until they are fixed.
> I don't see many use cases where a security issue in libx264 is likely
> to used in a way which requires postponing the disclosure until the
> issue has been fixed. So reporting it on this mailing list would be fine
> too. I trust your judgement on the impact of the bug and disclosure.
>
> Thanks
>
> Janne
>
> _______________________________________________
> x264-devel mailing list
> x264-devel at videolan.org
> https://mailman.videolan.org/listinfo/x264-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/x264-devel/attachments/20191111/bef6dd80/attachment.html>


More information about the x264-devel mailing list