[Slackbuilds-users] VLC subtitle handling vulnerability
Christoph Willing
chris.willing at linux.com
Wed May 24 10:28:32 UTC 2017
On 24/05/17 15:59, David O'Shaughnessy wrote:
> Just a heads up (maintainer cc'd in) about a vulnerability found in VLCs
> handling of subtitles:
>
> http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
>
> It's fixed in the latest 2.2.5.1 release. The build on SBo seems to be a
> development version though, so I'm not sure if this is relevant or not.
>
Thanks for the report Dave.
I've just pushed a new version that addresses the vulnerability (thanks
to Matteo for the updated source tarball).
I think we generally frown on using development versions but the
official releases (including 2.2.5.1) don't yet support the version of
ffmpeg we have at SBo.
chris
More information about the SlackBuilds-users
mailing list