[MPlayer-dev-eng] MPlayer in Browser? How to get informed about security holes?

Reimar Döffinger Reimar.Doeffinger at gmx.de
Fri Jan 28 19:44:46 CET 2011


On Tue, Jan 18, 2011 at 04:00:18PM +0100, Manuel Reimer wrote:
> I'm using MPlayer embedded in my browser to view embedded video on websites.
> 
> So the important question is: Do you think MPlayer is as secure as a
> plugin in browser requires it to be?

We're doing our best, but I'd recommend to _never_ let multimedia
content play automatically, and no matter with which player/plugin.

> Is there a mailing list, where I get informed about known security
> holes, so I can update my MPlayer installation as soon as possible?
> For me it seems like the announce mailing list isn't used any more?

Well, to be honest the situation is basically that we have either
distribution users where the distribution handles that or
for users that compile themselves the expectation is that they
would recompile at least every month or so, which considering
that it is self-compiled on different system with different compilers
means they are no real target. That is on top of the fact that nobody
seriously target MPlayer so far anyway.
But one way would be to subscribe to some list that publishes CVE
advisories and filter out anything that does not relate to MPlayer or
FFmpeg.


More information about the MPlayer-dev-eng mailing list