fabrice_d | 4 months ago

It is absolutely Google's security issue if they use an open source project with that license:

https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/COPYING....

and then expect volunteers to provide them fixes.

joatmon-snoo|4 months ago

Google never asked a volunteer for a fix.

This is part of Google’s standard disclosure policy: it gets disclosed within 90 days starting from confirmation+contact.

If ffmpeg didn’t want to fix it, they could’ve just let the CVE get opened.

GaryBluto|4 months ago

It's not just Google who could be affected by this.

> and then expect volunteers to provide them fixes.

Expect volunteers to provide everyone using the software with fixes.

sillywabbit|4 months ago

For a bug in the LucasArts Smush codec? Why didn't you verify it was an mp4/h264 first?