oss-sec mailing list archives
Re: CVE request: BD-J implementation in libbluray
From: Jean-Baptiste Kempf <jb () videolan org>
Date: Tue, 3 Nov 2015 11:57:42 +0100
On 05/10/2015 11:21, Florian Weimer wrote:
I don't know. There is a BDJSecurityManager, but I'm not convinced it's sufficiently strict. For instance, the checkPermission(Permission) method does not call checkWrite(String) for FilePermission objects at all. This does not look right, but I'm not familiar with the finer points of Java sandboxing.
Confirmed as fixed in 0.9.1. -- Jean-Baptiste Kempf http://www.jbkempf.com/ - +33 672 704 734 Sent from my Electronic Device
Current thread:
- Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Oct 04)
- Re: CVE request: BD-J implementation in libbluray Florian Weimer (Oct 05)
- Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Nov 03)
- <Possible follow-ups>
- Re: CVE request: BD-J implementation in libbluray cve-assign (Oct 12)
- Re: Re: CVE request: BD-J implementation in libbluray Salvatore Bonaccorso (Oct 13)
- Re: CVE request: BD-J implementation in libbluray Florian Weimer (Oct 05)