On 13/01/16 20:22, Rémi Denis-Courmont wrote: > On Wednesday 13 January 2016 19:29:40 Luca Barbato wrote: >> On 13/01/16 18:46, Rémi Denis-Courmont wrote: >>> How and to whom? I fail to see a bug. >> >> In a moderately convoluted way one can upload a m3u8 that references to >> the concatenation of a playlist and the file you want to leak > > That "leaks" the file to the local user that has read access to it. In other > words, it does not leak anything. > > Or if you want to call that a leak, then a playlist can also "leak" any local > file using a file URI, so long as avformat recognizes the file format. Or an > Intranet resource using http/https/ftp/ftpes/ftps URI. Etc. So you need to > blacklist all protocols (or almost). >
No, it leaks the excerpt of the file to the owner of the server. _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
