[Dev] Fwd: [arch-dev-public] FFmpeg vulnerability

fauno fauno at endefensadelsl.org
Wed Jan 13 22:23:22 GMT 2016



-------------------- Start of forwarded message --------------------
From: Maxime Gauduin <alucryd at archlinux.org>
Date: Wed, 13 Jan 2016 19:24:13 +0100
Subject: [arch-dev-public] FFmpeg vulnerability

Hi all,

A vulnerability via which someone can steal files from remote machines has
been discovered in FFmpeg and was made public. See associated bug report
Disabling networking altogether seems a bit much, but James Darnley @
FFmpeg suggested that disabling HLS should do the trick until a fix is
committed so I'll go ahead and rebuild our FFmpeg without the HLS and
AppleHTTP demuxers.

[1] https://bugs.archlinux.org/task/47738

email has been sent from a virus-free computer protected by Avast.
-------------------- End of forwarded message --------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 584 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20160113/91be6bc8/attachment.sig>

More information about the Dev mailing list