Source: smplayer Version: 22.7.0~ds0-1 Severity: normal Tags: patch It seems from reading source code, that smplayer hardcodes the use of Google DNS resolver 8.8.8.8, using it as fallback when system is badly configured to not set a resolver.
This is problematic, because it is a scenario rarely tested, and a situation where arguably you would expect a failure instead of silently leaking privacy information to Google: https://wiki.debian.org/PrivacyIssues#DNS Specifically, embedded mongoose code by default defines MG_DEFAULT_NAMESERVER=8.8.8.8, and this has not been overridden in the project code. Please patch code to e.g. set MG_DEFAULT_NAMESERVER=0.0.0.0. - Jonas
signature.asc
Description: signature
