[Playlist] First XSPF-related security issue? -- was: Re: [oss-security] CVE id request: vlc
webmaster at hartwork.org
Wed Oct 15 17:57:08 UTC 2008
Lucas Gonze wrote:
> Though it's worth pointing out that there is an error in the
> understanding of XSPF: "The identifier attribute is a numeric value that
> indicates the position of the track in the tracklist. " They're
> thinking of the trackNum element, which indicates the position of a
> recording from an album in the original album sequence.
I don't think they mixed it up with <trackNum> as they are referencing
the identifiers in a playlist extension:
<item href="0" />
<item href="1" />
If I remember correctly this extension is VLC's way to put
several ("virtual") playlists into a single XSPF document.
More information about the Playlist