For example: flac changelog: Fix CVE-2014-9028 (heap write overflow) and CVE-2014-8962 (heap read overflow) in 1.3.1
Related to:
We should at least exclude flac on win32. It would also be a good idea to inspect all the media libraries we ship and blacklist the ones that are too out of date / vulnerable (hopefully this will leave some we can still use).
r8163 avoids flac on win32 with gstreamer 0.10 - should be backported.
We now need to go through the rest of the DLLs.
Backport in r8501.
With the number of DLLs we cannot replace since we cannot build GTK2 from source, I think it is just too hard to make the win32 safe. We need either a native client (pure pywin32?) or use GTK3 (#640).
This ticket has been moved to: https://github.com/Xpra-org/xpra/issues/749