On Wed, 2020-11-04 at 12:47 +0100, Timo Rothenpieler wrote: > > On 04.11.2020 10:55, Joakim Tjernlund wrote: > > On Wed, 2020-11-04 at 10:51 +0100, Michael Niedermayer wrote: > > > > > > On Tue, Nov 03, 2020 at 02:38:52PM +0100, Andreas Rheinhardt wrote: > > > > Timo Rothenpieler: > > > > > Given the multitude of recent serious security issues in > > > > > Chromium-Based > > > > > Browsers, is this even still an issue? > > > > > Anything not up to date enough to have already been fixed has serious > > > > > security issues and should be updated ASAP, which also fixes this > > > > > issue > > > > > in turn. > > > > > > > > > > I'd rather see downstream users fix their stuff than introduce > > > > > workarounds for broken downstreams into ffmpeg. > > > > +1 > > > > > > I normally am in favor of helping downstreams but in this case > > > I think there is maybe some risk of adding code which could somehow > > > end up as part of an exploit. > > > Asking for a more restrictive limit should not disable the limit, > > > that feels a bit dangerous to me > > > > Not adding this forces apps to stay on known vulnerable ffmpeg > > No it doesn't. It forces them to upgrade away from a known vulnerable > old Chromium version to one that does not have the issue.
I was referring to what is out/released now. Eventually all SW will upgrade for one reason or another. Jocke _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
