Package: vlc Version: 0.8.6.c-4 Severity: grave Tags: security Justification: user security hole
These pages http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html https://trac.videolan.org/vlc/ticket/1371 describe a security issue which allows to write to arbitrary files with mozilla-plugin-vlc. According to http://www.securityfocus.com/archive/1/485488/30/0/threaded , there are two more unfixed security issues in vlc: A] buffer-overflow in the handling of the subtitles B] format string in the web interface AFAIK there are no CVE ids for these issues yet. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
