Latest YouTube Video

Tuesday, December 19, 2017

Re: [FD] [oss-security] CVE-2017-17670: vlc: type conversion vulnerability

On Fri, Dec 15, 2017 at 05:28:45AM -0500, Stiepan wrote: > Nice job! By the way, when is back-porting of the fix to the current > stable version(s) envisioned? (I doubt most oss OS distributions use > the "HEAD of the VLC master branch", nor that most Windows or Mac > users use the latest bleeding-edge build, leaving a potentially large > window for exploitation if former versions don't get fixed; knowing > VLC's popularity, I think that the question should be seriously > considered) > And is there a standalone patch or workaround that could be used for > older versions (besides not opening mp4 videos anymore)? The MP4 module has undergone some major changes and unfortunately the VLC project probably won't backport a fix to 2.2.x.

Source: Gmail -> IFTTT-> Blogger

No comments: