Delete emulators/zsnes

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Delete emulators/zsnes

Anthony J. Bentley-4
zsnes has holes that allow malicious ROMs to execute code on the host:
https://www.youtube.com/watch?v=Q3SOYneC7mU

Our port was last updated 10 years ago. The current release of zsnes
(1.51, which is still vulnerable) was released 8 years ago.

We have two alternative SNES emulators in tree, snes9x and mednafen.
zsnes is also i386-only, so it is becoming increasingly irrelevant.

ok to remove it?

Reply | Threaded
Open this post in threaded view
|

Re: Delete emulators/zsnes

Stuart Henderson-6
On 2016/01/17 03:02, Anthony J. Bentley wrote:

> zsnes has holes that allow malicious ROMs to execute code on the host:
> https://www.youtube.com/watch?v=Q3SOYneC7mU
>
> Our port was last updated 10 years ago. The current release of zsnes
> (1.51, which is still vulnerable) was released 8 years ago.
>
> We have two alternative SNES emulators in tree, snes9x and mednafen.
> zsnes is also i386-only, so it is becoming increasingly irrelevant.
>
> ok to remove it?

This sounds like a good candidate for the Attic :)  Ok.

Reply | Threaded
Open this post in threaded view
|

Re: Delete emulators/zsnes

Florian Stinglmayr-2
In reply to this post by Anthony J. Bentley-4
On Sun, Jan 17, 2016 at 03:02:15AM -0700, Anthony J. Bentley wrote:
> zsnes has holes that allow malicious ROMs to execute code on the host:
> https://www.youtube.com/watch?v=Q3SOYneC7mU
>
> Our port was last updated 10 years ago. The current release of zsnes
> (1.51, which is still vulnerable) was released 8 years ago.
>
> We have two alternative SNES emulators in tree, snes9x and mednafen.
> zsnes is also i386-only, so it is becoming increasingly irrelevant.
>

Since mednafen now has decent network support I whole heartedly agree.

> ok to remove it?
>

ok from me as someone who has switched from zsnes to mednafen.

Regards,
Florian

Reply | Threaded
Open this post in threaded view
|

Re: Delete emulators/zsnes

Ryan Freeman
In reply to this post by Anthony J. Bentley-4
On Sun, Jan 17, 2016 at 03:02:15AM -0700, Anthony J. Bentley wrote:

> zsnes has holes that allow malicious ROMs to execute code on the host:
> https://www.youtube.com/watch?v=Q3SOYneC7mU
>
> Our port was last updated 10 years ago. The current release of zsnes
> (1.51, which is still vulnerable) was released 8 years ago.
>
> We have two alternative SNES emulators in tree, snes9x and mednafen.
> zsnes is also i386-only, so it is becoming increasingly irrelevant.
>
> ok to remove it?
>

yeah snes9x (and seemingly mednafen which may or may not use snes9x
as its snes emulator core anyway)  both far exceed what zsnes was
capable of.  kill it with fire, if zsnes 2.0 ever sees light of day
maybe we can reconsider it, buuut between snes9x, various versions
of bsnes/higan floating around and mednafen, snes emu is definitely
covered.

another vote for ok (for removal!)

Cheers
--ryan