A security problem has been found in vlc; any version <0.8.6c (which has just been released to fix it) is vulnerable, see URL for details.

Official changelog is:

Changes between 0.8.6b and 0.8.6c:
----------------------------------

Various bugfixes, notably:
 * Windows Vista compatibility
 * Cropping in Direct3D
 * Fullscreen change crash on Mac OS X
 * RSS filter string overflow
 * Few memory leaks
 * MKV demuxer crash (related to seeking)

CDDA / Vorbis / Theora / SAP plugins:
 * Security updates (VideoLAN-SA-0702)

Demuxers:
 * Fixed a problem with detecting embedded subtitles (GAB2 format) in AVI

Decoders:
 * Updated FLAC API compatibility

Input:
 * Support for new v4l2 encoder API

Localisation:
 * New localisation: Arabic, Persian

I tend to consider this grave and worth a premature stabilisation. From my (maintainer) point of view, a premature stabilisation should be sane as there are only bugfix differences between 0.8.6b (that is already stable on most arches, bug #179862) and 0.8.6c (no feature added).

I'm not sure what your (security team) way of handling such things is, so I'll let you add arches if you think it's appropriate.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3316

Adding arches as security is not answering and I really don't like having such a bug in stable. vlc 0.8.6c is almost the same as 0.8.6b without the security issues, please test and mark it stable.
Adding arches (for real this time, hopefully) as security is not answering and I really don't like having such a bug in stable. vlc 0.8.6c is almost the same as 0.8.6b without the security issues, please test and mark it stable.
amd64 done
sparc stable.
@Alexis, sorry for the late answer. My dev box died and I had to replace it. Thx for my work :)
alpha/x86 stable
ppc stable
GLSA 200707-12, thanks everybody!