On Wed, 2020-11-04 at 12:47 +0100, Timo Rothenpieler wrote:
> 
> On 04.11.2020 10:55, Joakim Tjernlund wrote:
> > On Wed, 2020-11-04 at 10:51 +0100, Michael Niedermayer wrote:
> > > 
> > > On Tue, Nov 03, 2020 at 02:38:52PM +0100, Andreas Rheinhardt wrote:
> > > > Timo Rothenpieler:
> > > > > Given the multitude of recent serious security issues in 
> > > > > Chromium-Based
> > > > > Browsers, is this even still an issue?
> > > > > Anything not up to date enough to have already been fixed has serious
> > > > > security issues and should be updated ASAP, which also fixes this 
> > > > > issue
> > > > > in turn.
> > > > > 
> > > > > I'd rather see downstream users fix their stuff than introduce
> > > > > workarounds for broken downstreams into ffmpeg.
> > > > +1
> > > 
> > > I normally am in favor of helping downstreams but in this case
> > > I think there is maybe some risk of adding code which could somehow
> > > end up as part of an exploit.
> > > Asking for a more restrictive limit should not disable the limit,
> > > that feels a bit dangerous to me
> > 
> > Not adding this forces apps to stay on known vulnerable ffmpeg
> 
> No it doesn't. It forces them to upgrade away from a known vulnerable
> old Chromium version to one that does not have the issue.

I was referring to what is out/released now. Eventually all SW will upgrade for 
one reason or another.

 Jocke
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to