> liblivemedia provides an implementation of the server and client side of > RTSP. So, unless a CVE affects the code path used by the RTSP client (as > for example used by vlc), I won't spend any time on it.
Ok, I thought live555 was also known as one of the main free rtsp
server implementations. Is this actually wrong ?
> Before you start cherry-picking the patches from experimental, I'd
> suggest to get in contact with the release team to do a proper
> transition to the new upstream version (maybe even to the 2019.03.xx
> release that's not yet packaged). Those new release effectively only
> consists of the fixes for the recent CVEs. (Yes, I know that the freeze
> already started.)
Agree. I will look into it if I manage to find time for this.
thanks
regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature
