Much though I think we dislike the way this has been reported, I believe Michael's behaviour in this instance is correct. Publication of the vulnerability has a potentially negative effect on _both_ projects. Additionally, a patch has been committed to FFmpeg that while it is not really my say, should still be committed to LibAV a.s.a.p. if it mitigates a security issue.
-- Sean _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel