Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux

2008-10-22 Thread Nico Golde
retitle 502726 vlc: CVE-2008-4654, CVE-2008-4686 buffer overflow in ty parsing and multiple integer overflows thanks Hi Rémi, * Rémi Denis-Courmont <[EMAIL PROTECTED]> [2008-10-19 20:22]: > On Sunday 19 October 2008 19:35:25 Nico Golde, you wrote: > > > See also http://www.videolan.org/s

Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux

2008-10-19 Thread Rémi Denis-Courmont
tags 502726 + experimental thanks On Sunday 19 October 2008 19:35:25 Nico Golde, you wrote: > > See also http://www.videolan.org/security/sa0809.html > > Are you sure that 0.8.6.h-4 in unstable is affected? > Looking at > http://git.videolan.org/?p=vlc.git;a=blob;f=modules/demux/ty.c;h=65

Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux

2008-10-19 Thread Nico Golde
Hi Remi, * Remi Denis-Courmont <[EMAIL PROTECTED]> [2008-10-19 17:44]: > VLC versions 0.8.2 through 0.9.4 are prone to an exploitable > stack-based buffer overflow in the TY (TiVo) file parser. > > See also http://www.videolan.org/security/sa0809.html Are you sure that 0.8.6.h-4 in unstable is af

Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux

2008-10-19 Thread Nico Golde
Hi Remi, * Remi Denis-Courmont <[EMAIL PROTECTED]> [2008-10-19 17:44]: > VLC versions 0.8.2 through 0.9.4 are prone to an exploitable > stack-based buffer overflow in the TY (TiVo) file parser. > > See also http://www.videolan.org/security/sa0809.html are you sure that this is the case in 0.8.6.h

Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux

2008-10-19 Thread Remi Denis-Courmont
Package: vlc-nox Version: 0.8.6.h-4 Severity: grave File: libty_plugin Tags: security Justification: user security hole VLC versions 0.8.2 through 0.9.4 are prone to an exploitable stack-based buffer overflow in the TY (TiVo) file parser. See also http://www.videolan.org/security/sa0809.html N.