Control: reassign -1 src:ffmpeg 7:2.8.4-1 Control: retitle -1 ffmpeg: needs to build with --disable-protocol=concat to really fix CVE-2016-1897
On 2016-01-19 18:11:01, Rémi Denis-Courmont wrote: > Package: vlc > Version: 2.2.1-5+b1 > Severity: grave > Tags: security patch > Justification: user security hole > > Dear Maintainer, > > With a carefully crafted URL, the VLC avio plugin can be made to leak > content of local files to remote parties. > The root cause is the same as CVE-2016-1897. > > See also: > > https://mailman.videolan.org/pipermail/vlc-devel/2016-January/105718.html There is nothing to be done in the vlc package. Reassigning to ffmpeg. It needs to be built with --disable-protocol=concat. Cheers -- Sebastian Ramacher
signature.asc
Description: PGP signature
