[x264-devel] How to report a vulnerability in libx264?
Janne Grunau
janne-x264 at jannau.net
Tue Nov 12 01:21:23 CET 2019
Hej,
On 2019-11-12 00:21:07 +0100, Janne Grunau wrote:
>
> On 2019-11-11 13:46:03 -0800, Natalie Silvanovich wrote:
> >
> > I was wondering if this list is the right place to report a security bug in
> > libx264?
>
> I guess opening an issue on
> https://code.videolan.org/videolan/x264/issues (requires registration)
> would be preferred since it allows marking security bug reports as not
> publically visible until they are fixed.
> I don't see many use cases where a security issue in libx264 is likely
> to used in a way which requires postponing the disclosure until the
> issue has been fixed. So reporting it on this mailing list would be fine
> too. I trust your judgement on the impact of the bug and disclosure.
Another option would be the videolan security contact:
https://www.videolan.org/security/
Janne
More information about the x264-devel
mailing list