[Playlist] First XSPF-related security issue? -- was: Re: [oss-security] CVE id request: vlc
Sebastian Pipping
webmaster at hartwork.org
Wed Oct 15 17:57:08 UTC 2008
Lucas Gonze wrote:
> Though it's worth pointing out that there is an error in the
> understanding of XSPF: "The identifier attribute is a numeric value that
> indicates the position of the track in the tracklist. " They're
> thinking of the trackNum element, which indicates the position of a
> recording from an album in the original album sequence.
I don't think they mixed it up with <trackNum> as they are referencing
the identifiers in a playlist extension:
<playlist ...>
...
<trackList>
<track>
<identifier>0</identifier>
...
</track>
<track>
<identifier>1</identifier>
...
</track>
...
</trackList>
<extension application="http://www.videolan.org/vlc/playlist/0">
<item href="0" />
<item href="1" />
...
</extension>
</playlist>
If I remember correctly this extension is VLC's way to put
several ("virtual") playlists into a single XSPF document.
Sebastian
More information about the Playlist
mailing list