I understood they backport security updates, but is that also for apps in the software manager? For example: Currently I am using Mint. The VLC version there is 3.0.20 which is behind 2 years (current is 3.0.23). According to the releases of VLC, it indicated security fixes. Do these get fixes within the old number or are they neglected? What do you think? I concord by the wya on what you say related to rolling distro vs stable.
ui3bg4r
joined 1 day ago
And I never worried one time in my life about exploits in media files, it’s just extremely unlikely that between the time a 0day is discovered, and your system is updated (you do update frequently, right?), that torrent is going to exploit some player or media library.
Last time I heard of something like that, it was like 10 years ago, a gstreamer 0day that got quickly patched.
Executable files aren’t going to execute themselves. If you don’t chmod +x them they shouldn’t execute at all even if you click them. I guess it can depend on your system.
I am much more concerned about internet facing applications like a web browser or torrent client.
True, the combination of Media Player exploit + Linux + not patched, it is very unlikely. However, what if he is using a Debian based distro? Those may have a couple of year old version of VLC installed in the package manager for example...
Ah, interesting. So in principle they wouldn't leave a VLC or Media player with a big bug out there for long. The VLC of Mint is actually older 3.0.20-3build6 and it also looks like backported 3 times. I thought they were the same as Ubuntu but apparently not.