Bug#: 159845
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matt Drew <aetius@gentoo.org>
Description:   Opened: 2007-01-03 05:38 0000
http://secunia.com/advisories/23592/

vlc has a format string vulnerability in the handling of udp:// URLs or M3U
files containing udp:// URLs.  Exploits are already available for OS X (ppc and
x86) from the vulnerability announcement URL.  Impact is code execution with
the privileges of the user running vlc.

------- Comment #1 From Matt Drew 2007-01-03 05:40:13 0000 -------
setting status and CC'ing herd.

------- Comment #2 From Diego E. 'Flameeyes' Pettenò 2007-01-03 11:48:38 0000 -------
Sigh, I would have told it a couple of hours ago but bugzy died. vlc-0.8.6-r1
patched is in tree now.

------- Comment #3 From Tavis Ormandy (RETIRED) 2007-01-04 04:24:29 0000 -------
arches please test and mark stable media-video/vlc-0.8.6-r1

target keywords: KEYWORDS="alpha amd64 sparc x86"

------- Comment #4 From Tobias Scherbaum 2007-01-04 12:22:26 0000 -------
We have nothing to do here ...

------- Comment #5 From Christian Faulhammer 2007-01-04 12:49:52 0000 -------
x86 done

------- Comment #6 From Bryan Østergaard (RETIRED) 2007-01-06 13:39:35 0000 -------
Alpha stable.

------- Comment #7 From Markus Rothe 2007-01-07 11:45:05 0000 -------
vlc not stable on ppc64 yet.

------- Comment #8 From Malcolm Lashley (RETIRED) 2007-01-10 20:06:58 0000 -------
amd64 done

------- Comment #9 From Matt Drew 2007-01-12 18:37:42 0000 -------
CVE-2007-0017

------- Comment #10 From Gustavo Zacarias (RETIRED) 2007-01-15 21:17:00 0000 -------
sparc stable.
sorry for the delay on this one, but it was b0rked until i've rebuilt it with
the just recently stabled wxGTK (rebuilding wxGTK & vlc over and over again
didn't help it).

------- Comment #11 From Raphael Marichez 2007-01-15 23:30:24 0000 -------
(In reply to comment #10)
> sparc stable.
> sorry for the delay on this one, but it was b0rked until i've rebuilt it with
> the just recently stabled wxGTK (rebuilding wxGTK & vlc over and over again
> didn't help it).
> 

np, thanks Gustavo

------- Comment #12 From Matthias Geerdsen 2007-01-26 14:47:19 0000 -------
GLSA 200701-24

missing moderation mail for -announce, closing when it hits the list

------- Comment #13 From Matthias Geerdsen 2007-01-27 19:28:32 0000 -------
finally closing
