[FFmpeg-devel] Security issues?

Michael Niedermayer michaelni
Tue Sep 22 20:09:08 CEST 2009


Hi

lars has mailed me the following 2 links
http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
http://secunia.com/advisories/36805/

they seem to contain some hints toward security issues in ffmpeg,
i guess i dont need to mention that i was unaware of security issues in
svn, if any of them do apply to svn ...

Sadly i caught a virus a few days ago and have some fever ATM so it would
be great if some other volunteers could help me go over these issues
check if they have been fixed already in svn and if not fix them

besides that
* 0.5 is not secure and not supported by us, people should always use svn
* obviously NULL pointer dereferences and such are a rather minor issue, its
  the arbitrary code execution cases that need to be dealt with ...


-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090922/92284d2e/attachment.pgp>



More information about the ffmpeg-devel mailing list