[arch-dev-public] FFmpeg vulnerability

Maxime Gauduin alucryd at archlinux.org
Fri Jan 15 19:47:41 UTC 2016


On Wed, Jan 13, 2016 at 7:24 PM, Maxime Gauduin <alucryd at archlinux.org>
wrote:

> Hi all,
>
> A vulnerability via which someone can steal files from remote machines has
> been discovered in FFmpeg and was made public. See associated bug report
> [1].
> Disabling networking altogether seems a bit much, but James Darnley @
> FFmpeg suggested that disabling HLS should do the trick until a fix is
> committed so I'll go ahead and rebuild our FFmpeg without the HLS and
> AppleHTTP demuxers.
>
> [1] https://bugs.archlinux.org/task/47738
>
> Cheers,
> --
> Maxime
>


The vulnerability is now fixed upstream, I just pushed 1:2.8.4-4 built with
the 3 relevant patches.

Cheers,
--
Maxime

