Package: vlc
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for vlc.

CVE-2008-1769[0]:
| VLC before 0.8.6f allow remote attackers to cause a denial of service
| (crash) via a crafted Cinepak file that triggers an out-of-bounds
| array access and memory corruption.

Patch:
http://trac.videolan.org/vlc/changeset/d7e6e4afcecea38831282152d6e7af9a62989985

CVE-2008-1768[1]:
| Multiple integer overflows in VLC before 0.8.6f allow remote attackers
| to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real
| demuxer, and (3) Cinepak codec, which triggers a buffer overflow.

The MP4 demuxer issue is already partly covered by #467652, please also use:
http://trac.videolan.org/vlc/changeset/3a6282755277ba9321d405c635e50da935d258a6
and
http://trac.videolan.org/vlc/changeset/edca13e259472872fdfd456cf3ef4a21d1262c11

Real demuxer patch:
http://trac.videolan.org/vlc/changeset/783ab03c7bd8ddedcd3dc5bad18efc70a4c57aaa

Cinepak integer overflow patch:
http://trac.videolan.org/vlc/changeset/18eb4fd5a75b6429d1d7058a8967696be701a00b

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1769
    http://security-tracker.debian.net/tracker/CVE-2008-1769
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1768
    http://security-tracker.debian.net/tracker/CVE-2008-1768

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.