[FFmpeg-devel] [PATCH 3/3] avformat: set the default whitelist to disable hls

wm4 nfxjfg at googlemail.com
Tue Jun 6 16:47:54 EEST 2017


On Tue, 6 Jun 2017 04:59:58 +0200
Michael Niedermayer <michael at niedermayer.cc> wrote:

> I disagree that the issue is minor and far fetched.
> 
> The exploit that i have was successfully used against multiple
> companies (it was a demonstration and AFAIK no harm was done).
> That same attack works against all recent releases.
> 
> My oppinion was and is that a exploit working basically on 100% of
> targets and can leak private information is a serious issue.

Until I see actual proof, I call bullshit. It also might be that there
are better solutions, but we can't know, because you withhold
information.

I'm sick of these "security" fixes, which just make everything
trickier, worse, and not necessarily much more secure.


More information about the ffmpeg-devel mailing list