Hi Rémi, On 26.01.2016 19:49, Rémi Denis-Courmont wrote: > On Thursday 21 January 2016 23:03:25 Andreas Cadhalpun wrote: >> Why not fix the issue properly instead of removing useful functionality? > > By its very essence, the concat protocol allows for injection attacks with > untrusted URLs (the same super-class of vulnerabilities as XSS and SQL > injection).
That's not necessarily the case, if it is reasonably restricted by default. > Either you remove that functionality, or you ensure that all URls ever passed > to libavformat trusted. Best of luck with the latter option. One can also apply restrictions for URLs passed to libavformat that by default prevent information leaks. Best regards, Andreas _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
