From oss-security  Tue Feb 24 21:03:37 2015
From: Jean-Baptiste Kempf <jb () videolan ! org>
Date: Tue, 24 Feb 2015 21:03:37 +0000
To: oss-security
Subject: Re: [oss-security] Re: [videolan] [oss-security] older issues in libbluray
Message-Id: <20150224210337.GA25373 () videolan ! org>
X-MARC-Message: https://marc.info/?l=oss-security&m=142481185019908

On 24 Feb, Tavis Ormandy wrote :
> On Mon, Feb 23, 2015 at 7:47 AM, Jean-Baptiste Kempf <jb@videolan.org> wrote:
> >
> > On 23 Feb, Kurt Seifried wrote :
> > > Again my apologies for this mess. The good news is that all our current
> > > embargoed flaws (none against VLC currently =) are being actively
> > > handled (e.g. worked on in a current time frame) and moving forwards we
> > > should hopefully be able to avoid issues like this.
> >
> > One libbluray issue was already fixed.
> > The second one is not really fixable, since BD-J is actually executing
> > java code from the outside.
> 
> Forgive my unfamiliarity with BluRay, but based on what you just said,
> it seems like the solution is what was described in the report: just
> use a JSM?

I don't see the JSM mentioned in the bugreport.


-- 
Jean-Baptiste Kempf
http://www.jbkempf.com/ - +33 672 704 734
Sent from my Electronic Device