Summary: | [GStreamer] HLS, DASH, and Smooth Streaming implementations ignore proxy settings | ||
---|---|---|---|
Product: | Security | Reporter: | Michael Catanzaro <mcatanzaro> |
Component: | Security | Assignee: | WebKit Security Group <webkit-security-unassigned> |
Status: | RESOLVED FIXED | ||
Severity: | Normal | CC: | aboya, bfulgham, calvaris, cturner, mcatanzaro, pnormand, product-security, webkit-bug-importer |
Priority: | P2 | Keywords: | InRadar |
Version: | WebKit Nightly Build | ||
Hardware: | PC | ||
OS: | Linux |
Description
Michael Catanzaro
2019-01-23 07:44:45 PST
So what's left to be done for this? Make sure GStreamer is using the SoupNetworkSession in the NetworkProcess to download stuff. Then nothing more should be required. You've already succeeded at that, right? So we can close this now? We should also request a CVE, because this is a deanonymization issue. (In reply to Michael Catanzaro from comment #4) > Make sure GStreamer is using the SoupNetworkSession in the NetworkProcess to > download stuff. Looks like it does! A single SoupNetworkSession is created in the NetworkProcess during HLS playback, and souphttpsrc is no longer used for fragments downloading. > Then nothing more should be required. You've already > succeeded at that, right? So we can close this now? > I suppose, yes. > We should also request a CVE, because this is a deanonymization issue. If you say so :) I'll handle the CVE request. Is r243197 the commit that fixed this? Please help me find the commit that fixed it. :) Note: I wrote some recommendations https://trac.webkit.org/wiki/WebKitGTK/MaintenanceTips#CVERequests about when we should request CVEs. https://trac.webkit.org/changeset/243197/webkit is the commit that fixed this. |