Bug#1023546: smplayer: leaks privacy info to google when system DNS resolver is badly configured

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1023546: smplayer: leaks privacy info to google when system DNS resolver is badly configured
From: Jonas Smedegaard <dr@jones.dk>
Date: Sun, 06 Nov 2022 14:57:18 +0100
Message-id: <[🔎] 166774303837.1867533.17496532052307297154@auryn.jones.dk>
Reply-to: Jonas Smedegaard <dr@jones.dk>, 1023546@bugs.debian.org

Source: smplayer
Version: 22.7.0~ds0-1
Severity: normal
Tags: patch

It seems from reading source code, that smplayer hardcodes the use of
Google DNS resolver 8.8.8.8, using it as fallback when system is
badly configured to not set a resolver.

This is problematic, because it is a scenario rarely tested, and a
situation where arguably you would expect a failure instead of silently
leaking privacy information to Google:
https://wiki.debian.org/PrivacyIssues#DNS

Specifically, embedded mongoose code by default defines
MG_DEFAULT_NAMESERVER=8.8.8.8, and this has not been overridden in the
project code.

Please patch code to e.g. set MG_DEFAULT_NAMESERVER=0.0.0.0.


 - Jonas

Attachment: signature.asc
Description: signature

Reply to:

Prev by Date: python-libdiscid_2.0.2-1_source.changes ACCEPTED into unstable
Next by Date: Bug#1023547: smplayer: leaks privacy info to google when using chromecast feature
Previous by thread: python-libdiscid_2.0.2-1_source.changes ACCEPTED into unstable
Next by thread: Bug#1023547: smplayer: leaks privacy info to google when using chromecast feature
Index(es):
- Date
- Thread