[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#30378] [PATCH] gnu: mpv: Fix CVE-2018-6360.

From: Leo Famulari
Subject: [bug#30378] [PATCH] gnu: mpv: Fix CVE-2018-6360.
Date: Thu, 8 Feb 2018 14:16:06 -0500
User-agent: Mutt/1.9.2 (2017-12-15)

On Thu, Feb 08, 2018 at 01:53:52PM +0800, Alex Vong wrote:
> Leo Famulari <address@hidden> writes:
> > I noticed that the person who fixed the bug upstream said that 4 commits
> > were needed [0], but this patch (and Debian's and Nix's) are missing the
> > first in that person's list, 828bd2963cd10.
> >
> > I'm going to ask upstream to clarify but, in the meantime, do you know
> > why this patch is not included?
> >
> I have no idea about this. I think we should wait for the author to tell
> us what they think. Here is a new patch with the 4 commits:

Upstream clarified that the "missing" commit is not actually necessary

"Yeah, nevermind. Being able to use the native dash demuxer is not
necessary for the security fixes."

So I'm going to test and push your original patch shortly.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]