9f83b0a62e
Both mentioned CVE IDs refer to vulnerabilities where a remote attacker can read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file. The new release fixes those in the process. PR: 206282 Reported by: sasamotikomi@gmail.com MFH: 2016Q1 Security: CVE-2016-1897 CVE-2016-1898