SecReview: Fluendo MP3 decoder

RESOLVED FIXED

Status

RESOLVED FIXED
7 years ago
6 years ago

People

(Reporter: rillian, Assigned: posidron)

Tracking

Details

(Whiteboard: [completed secreview][score:0::Low])

We're considering shipping fluendo's licensed mp3 decoder with firefox. I'd like to have a security review so we know safe the codebase would be for our users.

Source is available from https://core.fluendo.com/gstreamer/svn/trunk/gst-fluendo-mp3/
this will need to be fuzzed
Assignee: nobody → cdiehl
Whiteboard: [pending secreview] → [secr:cdiehl][fuzzing needed]
(Reporter)

Comment 2

7 years ago
fuzzing is good!
(Assignee)

Comment 3

7 years ago
Runs.
(Assignee)

Updated

7 years ago
Depends on: 740768
Status: NEW → ASSIGNED
(Assignee)

Comment 4

6 years ago
Stopping here since I haven't found more. Will continue when Fluendo is getting implemented into the tree to test the codec inside the Browser instead of gstreamer.
Keywords: sec-review-needed
Whiteboard: [secr:cdiehl][fuzzing needed] → [fuzzing][start mm/dd/yyyy][target mm/dd/yyyy]
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings

Priority: N/A

Operational: 0 - N/A
User: 1 - Minor
Privacy: 0 - N/A
Engineering: 1 - Minor
Reputational: 2 - Normal

Priority Score: 0
Whiteboard: [fuzzing][start mm/dd/yyyy][target mm/dd/yyyy] → [fuzzing][start mm/dd/yyyy][target mm/dd/yyyy][score:0::Low]
(Assignee)

Comment 6

6 years ago
Marking this as resolved since it is an ongoing task in our fuzzing queue.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Summary: review fluendo mp3 decoder source → SecReview: Fluendo MP3 decoder
Whiteboard: [fuzzing][start mm/dd/yyyy][target mm/dd/yyyy][score:0::Low] → [completed secreview][score:0::Low]
You need to log in before you can comment on or make changes to this bug.