On Tue, 6 Jun 2017, Michael Niedermayer wrote:
On Mon, Jun 05, 2017 at 05:33:29PM +0200, Nicolas George wrote:
Le septidi 17 prairial, an CCXXV, Michael Niedermayer a écrit :
[...]
You dont need to convince me that the extension check or changes
within just hls are not a complete solution. I
On Tue, 6 Jun 2017 04:59:58 +0200
Michael Niedermayer wrote:
> I disagree that the issue is minor and far fetched.
>
> The exploit that i have was successfully used against multiple
> companies (it was a demonstration and AFAIK no harm was done).
> That same attack works against all recent relea
On Tue, Jun 6, 2017 at 4:59 AM, Michael Niedermayer
wrote:
>>
>> The issue is about subsets of the URL space. Files from one URL should
>> be allowed to access data from URLs in the same relevant subset (same
>> subdirectory or same web server maybe?), but not outside.
>
> What percentage of hls f
On Mon, Jun 05, 2017 at 05:33:29PM +0200, Nicolas George wrote:
> Le septidi 17 prairial, an CCXXV, Michael Niedermayer a écrit :
[...]
> > You dont need to convince me that the extension check or changes
> > within just hls are not a complete solution. Iam quite well aware
> > of this. This is int
Le septidi 17 prairial, an CCXXV, Michael Niedermayer a écrit :
> thats "ad hominem"
I am sorry, I did not realize it was, please forgive me and allow me to
reformulate.
The pattern is: someone is made aware of a minor security exploit in
parts of the code not their direct responsibility. Nonethe
Hi
On Sun, Jun 04, 2017 at 12:46:18PM +0200, Nicolas George wrote:
> Le quartidi 14 prairial, an CCXXV, Michael Niedermayer a écrit :
> > > Notice a pattern?
> > yes
> > Security issues are found, i post a fix and people complain,
>
> No. The pattern is: you rush to produce a bad fix.
thats "ad
Le quartidi 14 prairial, an CCXXV, Michael Niedermayer a écrit :
> > Notice a pattern?
> yes
> Security issues are found, i post a fix and people complain,
No. The pattern is: you rush to produce a bad fix.
> If you knew a year and a half ago about a security issue and about a
> great solution to
On Fri, Jun 02, 2017 at 09:15:25AM +0200, Nicolas George wrote:
> Le tridi 13 prairial, an CCXXV, Michael Niedermayer a écrit :
> > This prevents an exploit leading to an information leak
> >
> > The existing exploit depends on a specific decoder as well.
> > It does appear though that the exploit
Le tridi 13 prairial, an CCXXV, Michael Niedermayer a écrit :
> This prevents an exploit leading to an information leak
>
> The existing exploit depends on a specific decoder as well.
> It does appear though that the exploit should be possible with any decoder.
> The problem is that as long as sen
On 01.06.2017 13:44, Michael Niedermayer wrote:
This prevents an exploit leading to an information leak
The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information get
This prevents an exploit leading to an information leak
The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder beco
11 matches
Mail list logo
