On Thursday 19 April 2007 06:51, David Paleino wrote: > Package: wnpp > Severity: wishlist > Owner: David Paleino <d.paleino@gmail.com> > > * Package name : mmsrip > Version : 0.7.0 > Upstream Author : Nicolas Benoit <nbenoit@tuxfamily.org> > * URL : http://nbenoit.tuxfamily.org/projects.php?rq=mmsrip > * License : GPL > Programming Lang: C > Description : client for the mms:// protocol > > MMSRIP is a client for the proprietary protocol MMS://. > It saves the content being streamed to a file. Just so you know, I looked at the source of this and it contains pretty much all of the bugs--including security issues--that are in the original mmsclient, but fixed in libmms. This code (mmsrip) really ought to use libmms, and if it does have any extra protocol-level features, they should be patched to libmms. Otherwise this is going to be a security nightmare for you. -- Wesley J. Landaker <wjl@icecavern.net> <xmpp:wjl@icecavern.net> OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Attachment:
pgpZ7bulPw8FU.pgp
Description: PGP signature