[FFmpeg-devel] [PATCH 3/3] avformat: set the default whitelist to disable hls
wm4
nfxjfg at googlemail.com
Tue Jun 6 16:47:54 EEST 2017
On Tue, 6 Jun 2017 04:59:58 +0200
Michael Niedermayer <michael at niedermayer.cc> wrote:
> I disagree that the issue is minor and far fetched.
>
> The exploit that i have was successfully used against multiple
> companies (it was a demonstration and AFAIK no harm was done).
> That same attack works against all recent releases.
>
> My oppinion was and is that a exploit working basically on 100% of
> targets and can leak private information is a serious issue.
Until I see actual proof, I call bullshit. It also might be that there
are better solutions, but we can't know, because you withhold
information.
I'm sick of these "security" fixes, which just make everything
trickier, worse, and not necessarily much more secure.
More information about the ffmpeg-devel
mailing list