Control: tags -1 = moreinfo Control: severity -1 important Hi,
On 19.01.2016 17:27, Sebastian Ramacher wrote: > On 2016-01-19 18:11:01, Rémi Denis-Courmont wrote: >> With a carefully crafted URL, the VLC avio plugin can be made to leak >> content of local files to remote parties. >> The root cause is the same as CVE-2016-1897. >> >> See also: >> >> https://mailman.videolan.org/pipermail/vlc-devel/2016-January/105718.html > > There is nothing to be done in the vlc package. Reassigning to ffmpeg. It > needs > to be built with --disable-protocol=concat. How is CVE-2016-1897 not fully fixed? Rémi, please share details about any remaining vulnerability with <ffmpeg-secur...@ffmpeg.org>. Best regards, Andreas
