oss-sec mailing list archives
Re: Re: [videolan] [oss-security] older issues in libbluray
From: Tavis Ormandy <taviso () google com>
Date: Tue, 24 Feb 2015 13:09:17 -0800
On Tue, Feb 24, 2015 at 1:03 PM, Jean-Baptiste Kempf <jb () videolan org> wrote:
On 24 Feb, Tavis Ormandy wrote :On Mon, Feb 23, 2015 at 7:47 AM, Jean-Baptiste Kempf <jb () videolan org> wrote:On 23 Feb, Kurt Seifried wrote :Again my apologies for this mess. The good news is that all our current embargoed flaws (none against VLC currently =) are being actively handled (e.g. worked on in a current time frame) and moving forwards we should hopefully be able to avoid issues like this.One libbluray issue was already fixed. The second one is not really fixable, since BD-J is actually executing java code from the outside.Forgive my unfamiliarity with BluRay, but based on what you just said, it seems like the solution is what was described in the report: just use a JSM?I don't see the JSM mentioned in the bugreport.
I didn't get the bug report, I was referring to the subject Florian pasted, "missing Java Security Manager sandbox in the BD-J implementation". If you run untrusted java, you would normally use a JSM, if you don't use one that does sound like a bug to me. Sigh, embargoes. Tavis.
Current thread:
- older issues in libbluray Kurt Seifried (Feb 06)
- Re: older issues in libbluray Moritz Mühlenhoff (Feb 22)
- Re: older issues in libbluray Kurt Seifried (Feb 22)
- Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 23)
- Re: older issues in libbluray Florian Weimer (Feb 23)
- Re: [videolan] [oss-security] older issues in libbluray Kurt Seifried (Feb 23)
- Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 23)
- Re: Re: [videolan] [oss-security] older issues in libbluray Tavis Ormandy (Feb 24)
- Re: Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 24)
- Re: Re: [videolan] [oss-security] older issues in libbluray Tavis Ormandy (Feb 24)
- Re: older issues in libbluray Kurt Seifried (Feb 22)
- Re: older issues in libbluray Moritz Mühlenhoff (Feb 22)