[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#30378] [PATCH] gnu: mpv: Fix CVE-2018-6360.
From: |
Leo Famulari |
Subject: |
[bug#30378] [PATCH] gnu: mpv: Fix CVE-2018-6360. |
Date: |
Thu, 8 Feb 2018 14:16:06 -0500 |
User-agent: |
Mutt/1.9.2 (2017-12-15) |
On Thu, Feb 08, 2018 at 01:53:52PM +0800, Alex Vong wrote:
> Leo Famulari <address@hidden> writes:
> > I noticed that the person who fixed the bug upstream said that 4 commits
> > were needed [0], but this patch (and Debian's and Nix's) are missing the
> > first in that person's list, 828bd2963cd10.
> >
> > I'm going to ask upstream to clarify but, in the meantime, do you know
> > why this patch is not included?
> >
> I have no idea about this. I think we should wait for the author to tell
> us what they think. Here is a new patch with the 4 commits:
Upstream clarified that the "missing" commit is not actually necessary
here:
"Yeah, nevermind. Being able to use the native dash demuxer is not
necessary for the security fixes."
https://github.com/mpv-player/mpv/issues/5456#issuecomment-364087205
So I'm going to test and push your original patch shortly.
signature.asc
Description: PGP signature