| Field | Value |
|---|---|
| Summary | media-video/vlc < 0.8.6e MP4 demuxer Code execution (CVE-2008-0984) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Robert Buchholz (RETIRED) <rbu> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | High |
| CC | fmccor, media-video |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://www.videolan.org/security/sa0802.html |
| Whiteboard | A2 [glsa] |
| Package list | |
| Runtime testing required | --- |

Description
Robert Buchholz (RETIRED)
2008-02-26 22:47:44 UTC
Patch is here: http://www.videolan.org/patches/vlc-0.8.6-CORE-2008-0130.patch

And this should be fixed in the "e" release, whenever that goes public. So I'd go for patching our 0.8.6d-r1. Media-video, what do you think?

http://download.videolan.org/pub/videolan/vlc/0.8.6e/vlc-0.8.6e.tar.bz2 exists

it's been tagged a few days ago, but I didn't see an announcement yet. lemme check what's up with this

0.8.6e is officially released.

(In reply to comment #3)
> 0.8.6e is officially released.

yeah but the build hadn't finished when I had to leave home ;)

I'll bump it most likely this evening

(In reply to comment #4)
> (In reply to comment #3)
> > 0.8.6e is officially released.
>
> yeah but the build hadn't finished when I had to leave home ;)
>
> I'll bump it most likely this evening

it's bumped now

Please arches do: media-video/vlc-0.8.6e
target keywords are "alpha amd64 ppc ~ppc64 sparc x86 ~x86-fbsd"

x86 stable

Initial test on sparc results in a BadAlloc error from X followed by a SegFault. I'll investigate further on another system, but for now, I'm holding off on sparc.

(In reply to comment #8)
> Initial test on sparc results in a BadAlloc error from X followed by a
> SegFault. I'll investigate further on another system, but for now, I'm holding
> off on sparc.

This problem is specific to one out-of-date system. On my reference system (which is completely current) it does not occur. Hence, Stable for sparc.

alpha stable, thanks Tobias

ppc stable

amd64 stable, sorry for the delay.

Fixed in release snapshot.

GLSA 200803-13