Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <K6FWV_Ak_epVQ-V7_CwT7CSTruGEsU7zXBhkL-zb5tIeXnMHHbprfzhezbJXOy5kvy2bSuliCID3BcgEzc965uwVQfG9aMejj-073UZdoHA=@protonmail.ch>
Date: Fri, 15 Aug 2025 18:45:53 +0000
From: Jordan Glover <Golden_Miller83@...tonmail.ch>
To: Demi Marie Obenour <demiobenour@...il.com>
Cc: oss-security@...ts.openwall.com, Martin Storsjö <martin@...tin.st>, Sam James <sam@...too.org>
Subject: Re: Question about (in)security of fdk-aac-free in linux distros

On Friday, August 15th, 2025 at 6:44 PM, Demi Marie Obenour <demiobenour@...il.com> wrote:

> What is your recommendation to distro maintainers? My understanding is
> that the full codec is included in the flathub runtimes but am not sure.
> --
> Sincerely,
> Demi Marie Obenour (she/her/hers)

No, flathub runtime shipped the fdk-aac-free version but removed it in current master
branch. I linked to exact commit in first post. AFAIK it's not released yet.

Jordan

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.