Xpra: Ticket #749: restrict the DLLs we load on win32 to avoid those with known vulnerabilities

For example: flac changelog: Fix CVE-2014-9028 (heap write overflow) and CVE-2014-8962 (heap read overflow) in 1.3.1

Related to:

We should at least exclude flac on win32. It would also be a good idea to inspect all the media libraries we ship and blacklist the ones that are too out of date / vulnerable (hopefully this will leave some we can still use).
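The audit step proposed above, sketched as an added example that is not part of the ticket and is not Xpra's code: bundled library versions are compared numerically against the first fixed release, and codecs backed by a blocked library are dropped. The inventory, the codec-to-library mapping and all function names are constructed for illustration; only the flac 1.3.1 threshold and its CVE numbers come from the changelog quoted in the ticket.

```python
import re

# Minimum fixed versions. The flac entry comes from the changelog quoted in the
# ticket; any other library would need its own researched entry.
MIN_FIXED = {"flac": ((1, 3, 1), ("CVE-2014-9028", "CVE-2014-8962"))}

# Constructed mapping of codec name -> bundled library that implements it.
CODEC_LIBRARY = {"flac": "flac", "mp3": "lame", "wav": None}


def parse_version(text):
    """'1.3.0' or '1.3.1-2' -> (1, 3, 0) / (1, 3, 1); None without a numeric prefix."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def is_older(version, minimum):
    """Compare numerically, padding with zeros so that 1.3 equals 1.3.0."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(minimum)


def audit(inventory):
    """Return {library: reason} for bundled libraries that must not be loaded."""
    blocked = {}
    for lib, (minimum, cves) in MIN_FIXED.items():
        if lib not in inventory:
            continue  # not shipped, nothing to block
        version = parse_version(inventory[lib])
        if version is None:
            # Fail closed: an unreadable version cannot be shown to be fixed.
            blocked[lib] = "version %r unreadable" % inventory[lib]
        elif is_older(version, minimum):
            blocked[lib] = "%s predates fix for %s" % (inventory[lib], ", ".join(cves))
    return blocked


def usable_codecs(inventory):
    """Codecs whose backing library is absent from the blocklist."""
    blocked = audit(inventory)
    return sorted(c for c, lib in CODEC_LIBRARY.items() if lib not in blocked)


if __name__ == "__main__":
    shipped = {"flac": "1.3.0", "lame": "3.99.5"}  # constructed inventory
    print(audit(shipped))
    print(usable_codecs(shipped))
```

Comparing parsed tuples rather than strings matters here: as strings, "1.10.0" sorts before "1.3.1" and a fixed release would be blocked by mistake.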



Mon, 01 Dec 2014 20:46:08 GMT - Antoine Martin: status changed

r8163 avoids flac on win32 with gstreamer 0.10 - should be backported.

We now need to go through the rest of the DLLs.


Sun, 18 Jan 2015 10:45:17 GMT - Antoine Martin:

Backport in r8501.


Mon, 02 Feb 2015 09:52:53 GMT - Antoine Martin: status changed; resolution set

With the number of DLLs we cannot replace since we cannot build GTK2 from source, I think it is just too hard to make the win32 safe. We need either a native client (pure pywin32?) or use GTK3 (#640).


Sat, 23 Jan 2021 05:04:50 GMT - migration script:

This ticket has been moved to: https://github.com/Xpra-org/xpra/issues/749