Discover and read the best of Twitter Threads about #vlc

Most recents (2)

About the "security issue" on #VLC: VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.

Thread:
@MITREcorp So, a reporter opened a bug on our bugtracker, which is outside of the reporting policy, aka, mail us in private on the security alias.
Of course, our bugtracker is public.

We could not, of course, reproduce the issue, and tried to contact the security researcher in private.
The reporter is using Ubuntu 18.04, which is an old version of Ubuntu, and clearly does not have all the updated libraries.

But did not answer our questions.
Read 18 tweets
We all love your media player, but that’s really rude #VLC 🙄

VLC developers refused to consider #software "update-over-HTTP" as a threat.

Responded→ “no threat model. no proof. no #security bug”

It wouldn't hurt if you simply consider the suggestion.

trac.videolan.org/vlc/ticket/217…
Though VLC updates are "signed and authenticated with OpenPGP," as developers said, adding an inexpensive but important extra layer of security is a considerable suggestion.
Yes, absolutely. But looking at your software's popularity and the user base, adding another "easy to implement" second-factor authentication is not a bad idea. Or is it?

Read 3 tweets
