Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-07 Thread Ricardo Villalba
I'm already using mongoose 6.11 in the svn of SMPlayer. So far it seems to work fine for me. https://app.assembla.com/spaces/smplayer/subversion/commits/9030 2018-06-07 15:08 GMT+02:00 Reinhard Tartler : > On Thu, Jun 7, 2018 at 6:20 AM Mateusz Łukasik wrote: > >> This is not fixed for me. I mad

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-07 Thread Reinhard Tartler
On Thu, Jun 7, 2018 at 6:20 AM Mateusz Łukasik wrote: > This is not fixed for me. I made patch with add latest Mongoose version > which included fixed for all of this cve's. > It pushed now to salsa. > > -- Thank you! I see that you've added https://salsa.debian.org/multimedia-team/smplayer/blo

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-07 Thread Mateusz Łukasik
disable the chromecast >> > component from the smplayer build? >> > >> > Please let me know your thoughts on this. >> > >> > Best, >> > Reinhard >> > >> > -- Forwarded message -

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-05 Thread Moritz Mühlenhoff
On Mon, Jun 04, 2018 at 12:47:48PM -0400, Reinhard Tartler wrote: > Ok, thanks. That sounds like a good plan! BTW, I'm not sure if Talos security actually reported these to the censenta/mongoose upstream project or whether they're doing it for the security buzz/advertising factor... I saw that up

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-04 Thread Reinhard Tartler
t, > >> > my question to you is whether we can easily disable the chromecast > >> > component from the smplayer build? > >> > > >> > Please let me know your thoughts on this. > >> > > >> > Best, > >> > Reinhard > >

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-03 Thread Ricardo Villalba
f not, >> > my question to you is whether we can easily disable the chromecast >> > component from the smplayer build? >> > >> > Please let me know your thoughts on this. >> > >> > Best, >> > Reinhard >> > >> > -- Forw

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-03 Thread Reinhard Tartler
but if not, > > my question to you is whether we can easily disable the chromecast > > component from the smplayer build? > > > > Please let me know your thoughts on this. > > > > Best, > > Reinhard > > > > -- Forwarded message --

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-03 Thread Ricardo Villalba
cast > component from the smplayer build? > > Please let me know your thoughts on this. > > Best, > Reinhard > > -- Forwarded message ----- > From: Moritz Muehlenhoff > Date: Thu, May 17, 2018 at 12:51 PM > Subject: Bug#898943: Multiple vulnerabili

Bug#898943: Fwd: Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-03 Thread Reinhard Tartler
t from the smplayer build? Please let me know your thoughts on this. Best, Reinhard -- Forwarded message - From: Moritz Muehlenhoff Date: Thu, May 17, 2018 at 12:51 PM Subject: Bug#898943: Multiple vulnerabiliities in Mongoose To: Debian Bug Tracking System Source: smplaye

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-05-17 Thread Moritz Muehlenhoff
Source: smplayer Severity: grave Tags: security smplayer seems to embed Cesenta Mongoose: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2892 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2893 http://cve.mitre.org/cgi-bin