Sorry, I messed up Ricardo's email address in my previous follow-up, so
his reply went to me only. I'm quoting his input with his permission:
Older versions of SMPlayer downloaded a javascript function from
> http://updates.smplayer.info/yt.js in order to decrypt a signature,
> which it's necess
On Sun, Jun 3, 2018 at 9:36 PM Jonas Smedegaard wrote:
>
> Hi Reinhard,
>
> Excerpts from Reinhard Tartler's message of juni 3, 2018 10:48 pm:
> > On Mon, Jul 31, 2017 at 1:48 AM Jonas Smedegaard wrote:
> >> smplayer includes code in src/basegui.cpp to download and (I guess)
> >> execute javascri
Hi Reinhard,
Excerpts from Reinhard Tartler's message of juni 3, 2018 10:48 pm:
On Mon, Jul 31, 2017 at 1:48 AM Jonas Smedegaard wrote:
smplayer includes code in src/basegui.cpp to download and (I guess)
execute javascript code for parsing youtube paths. The download URL
is http://updates.sm
Control: found -1 14.9.0~ds0-1
Control: fixed -1 17.7.0~ds0-1
Hi,
On 31/07/17 06:45, Jonas Smedegaard wrote:
> Source: smplayer
> Version: 17.7.0~ds0-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> smplayer includes code in src/basegui.cpp to download and (I guess)
>
Processing control commands:
> found -1 14.9.0~ds0-1
Bug #870233 [src:smplayer] smplayer: executes javascript code downloaded from
insecure URL
Marked as found in versions smplayer/14.9.0~ds0-1.
> fixed -1 17.7.0~ds0-1
Bug #870233 [src:smplayer] smplayer: executes javascript code downloaded from
Source: smplayer
Version: 17.7.0~ds0-1
Severity: grave
Tags: security
Justification: user security hole
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
smplayer includes code in src/basegui.cpp to download and (I guess)
execute javascript code for parsing youtube paths. The download URL is
http:
6 matches
Mail list logo
