[MPlayer-users] When do I *have to* update MPlayer?
Manuel.Spam at nurfuerspam.de
Thu Nov 24 17:01:26 CET 2011
Carl Eugen Hoyos wrote:
>> Is this version vulnerable to serious security holes?
> At least one such exploit is known, yes.
> (Search for "assisted discovery of vulnerabilities yamaguchi")
Seems to be:
But this (in my opinion) has a few restrictions if it gets to code execution. Is
this really a dangerous hole which could be exploited from web if MPlayer is
used inside the browser?
> It is said not to be reproducible with current MPlayer svn.
So anything but the current SVN is vulnerable to a security hole where it is
known that code execution will work?
>> When do I *have to* update my MPlayer? I'm using MPlayer inside my browser!
> I think you are the only one who can answer that.
I only want to update if there is a reason for that. My idea was to trust the
distributor (Slackware in this case) but as updates are really rare on
Slackware, I feared to be actually vulnerable to something, so I asked here.
Is it possible to harden MPlayer? I don't need a player which plays anything but
the kitchen sink. It would be enough to be able to play the common formats used
> I may misunderstand the question: Whenever you update MPlayer, FFmpeg is also
> updated. So whenever FFmpeg receives (for you) important updates, you should
> update MPlayer.
Is it possible to separate both and have FFMPEG as separate dynamically linked
Why was there no announcement about the possible security problem on the
"announce" list? Why don't you roll a new release if the old one has a known hole?
More information about the MPlayer-users