Date: Thu, 8 Feb 2018 14:16:06 -0500
From: Leo Famulari
To: Alex Vong
Cc: 30378@debbugs.gnu.org
Subject: Re: [bug#30378] [PATCH] gnu: mpv: Fix CVE-2018-6360.

On Thu, Feb 08, 2018 at 01:53:52PM +0800, Alex Vong wrote:
> Leo Famulari writes:
>
> > I noticed that the person who fixed the bug upstream said that 4 commits
> > were needed [0], but this patch (and Debian's and Nix's) are missing the
> > first in that person's list, 828bd2963cd10.
> >
> > I'm going to ask upstream to clarify but, in the meantime, do you know
> > why this patch is not included?
> >
> I have no idea about this. I think we should wait for the author to tell
> us what they think. Here is a new patch with the 4 commits:

Upstream clarified that the "missing" commit is not actually necessary
here:

"Yeah, nevermind. Being able to use the native dash demuxer is not
necessary for the security fixes."

https://github.com/mpv-player/mpv/issues/5456#issuecomment-364087205

So I'm going to test and push your original patch shortly.