On 04.11.2020 10:55, Joakim Tjernlund wrote:
On Wed, 2020-11-04 at 10:51 +0100, Michael Niedermayer wrote:
On Tue, Nov 03, 2020 at 02:38:52PM +0100, Andreas Rheinhardt wrote:
Timo Rothenpieler:
Given the multitude of recent serious security issues in Chromium-Based
Browsers, is this even still an issue?
Anything not up to date enough to have already been fixed has serious
security issues and should be updated ASAP, which also fixes this issue
in turn.
I'd rather see downstream users fix their stuff than introduce
workarounds for broken downstreams into ffmpeg.
+1
I normally am in favor of helping downstreams but in this case
I think there is maybe some risk of adding code which could somehow
end up as part of an exploit.
Asking for a more restrictive limit should not disable the limit,
that feels a bit dangerous to me
Not adding this forces apps to stay on known vulnerable ffmpeg
No it doesn't. It forces them to upgrade away from a known vulnerable
old Chromium version to one that does not have the issue.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
