Tracing binaries statically linked against vulnerable libs
Andrew Pantyukhin
infofarmer at FreeBSD.org
Thu Oct 5 22:35:32 PDT 2006
I wonder if there is a way to deal with statically linked binaries,
which use vulnerable libraries.
There's this advisory:
http://www.vuxml.org/freebsd/964161cd-6715-11da-99f6-00123ffe8333.html
But mplayer and libxine are linked statically against ffmpeg,
as are reportedly many other apps like gstreamer. Of course
I can install every port that requires ffmpeg directly, look for
"lavc" strings and compare it to ldd output, but it sounds like
a nightmare.
Thanks!
More information about the freebsd-hackers
mailing list