Package: vlc Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for vlc.
CVE-2008-0073CVE-2008-0073[0]: | Array index error in the sdpplin_parse function in | input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP | servers to execute arbitrary code via a large streamid SDP parameter. It turned out that vlc is also using that code in modules/access/rtsp/real_sdpplin.c Find a patch for the above issue on: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=12cb075fba8ea09813fc35e0c731d2a64265b637;style=raw If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073CVE-2008-0073 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgptN6e56B7B0.pgp
Description: PGP signature
