This bug was fixed in the package vlc - 1.1.4-1ubuntu1.5
---------------
vlc (1.1.4-1ubuntu1.5) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted width
- debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in
src/video_output/video_output.c.
- CVE-2010-3275
- CVE-2010-3276
* SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
- debian/patches/CVE-2011-1684.patch: fix buffer overflow in
modules/demux/mp4/libmp4.c.
- CVE-2011-1684
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 13 Apr 2011 23:21:01
-0400
** Changed in: vlc (Ubuntu Maverick)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3275
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3276
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1684
** Changed in: vlc (Ubuntu Lucid)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/756368
Title:
Heap overflow in MP4 demuxer
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
