On Wed, Jan 13, 2016 at 7:24 PM, Maxime Gauduin <[email protected]> wrote:
> Hi all, > > A vulnerability via which someone can steal files from remote machines has > been discovered in FFmpeg and was made public. See associated bug report > [1]. > Disabling networking altogether seems a bit much, but James Darnley @ > FFmpeg suggested that disabling HLS should do the trick until a fix is > committed so I'll go ahead and rebuild our FFmpeg without the HLS and > AppleHTTP demuxers. > > [1] https://bugs.archlinux.org/task/47738 > > Cheers, > -- > Maxime > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > This > email has been sent from a virus-free computer protected by Avast. > www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > <#1004832192_DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > The vulnerabilty is now fixed upstream, I just pushed 1:2.8.4-4 built with the 3 relevant patches. Cheers, -- Maxime
