Moiseenko Andrey's crtmpserver security patch
IOhannes m zmölnig (Debian/GNU)
umlaeute at debian.org
Thu Oct 12 08:26:18 UTC 2017
hi,
On 2017-10-11 21:25, JSK MaaSoftware wrote:
> Hello, Maintainers!
>
> I have found a security problem in crtmpserver in December 2015, still
> exists.
thanks for the patches.
i only had a cursory glance, but have a remark:
i guess some of the functionality you add could be easily implemented
with additional software.
e.g. what's the advantage of your solution over a simple firewall that
denies access to crtmpserver's port? modern firewalls would support
IPv6, which it seems your patches do not support yet.
please note that Debian is really a *distribution* of software. we are
(mostly) not in charge of actually developing the software we ship.
so if you find a problem that is not Debian-specific, it is often a good
idea to send these patches directly to upstream if possible.
while it seems that the homepage of crtmpserver (http://www.rtmpd.com)
seems to be down, there is a git-repository on github.
https://github.com/shiretu/crtmpserver
please consider doing a pull-request against that repository.
gfamsdr
IOhannes
More information about the pkg-multimedia-maintainers
mailing list