[MPlayer-users] Why no security advisory for CVE-2008-3827
Attila Kinali
attila at kinali.ch
Sun Oct 12 14:58:38 CEST 2008
On Sun, 12 Oct 2008 14:18:48 +0200
Manuel Reimer <Manuel.Spam at nurfuerspam.de> wrote:
> Loren Merritt wrote:
> > Did you miss the part in the very page you linked which says the bug was
> > fixed before the CERT was published, and links to the commit?
>
> And so it's my job to backport this commit to get it to work with
> Mplayer 1.0 RC2?
Note: It's MPlayer, not Mplayer.
> > Or do you expect us to release a new official binary every time some bug
> > gets fixed?
>
> No, but you could have placed the patch to
>
> ftp://ftp1.mplayerhq.hu/MPlayer/patches
>
> and you could have published some information to the homepage of
> mplayer. How should Mplayer 1.0 RC2 users find out that they have to
> patch and recompile if you don't tell them?
If you are a normal user, you shouldn't use rc2 anyways, but svn.
Otherwise you'll work with an totaly outdated version of MPlayer
with tons of bugs and security issues.
If you are a packager for a distribution, you should be able
to extract the needed information to patch your package.
Attila Kinali
--
The true CS students do not need to know how to program.
They learn how to abstract the process of programming to
the point of making programmers obsolete.
-- Jabber in #holo
More information about the MPlayer-users
mailing list