http://secunia.com/advisories/23592/ vlc has a format string vulnerability in the handling of udp:// URLs or M3U files containing udp:// URLs. Exploits are already available for OS X (ppc and x86) from the vulnerability announcement URL. Impact is code execution with the privileges of the user running vlc.
setting status and CC'ing herd.
Sigh, I would have told it a couple of hours ago but bugzy died. vlc-0.8.6-r1 patched is in tree now.
arches please test and mark stable media-video/vlc-0.8.6-r1 target keywords: KEYWORDS="alpha amd64 sparc x86"
We have nothing to do here ...
x86 done
Alpha stable.
vlc not stable on ppc64 yet.
amd64 done
CVE-2007-0017
sparc stable. sorry for the delay on this one, but it was b0rked until i've rebuilt it with the just recently stabled wxGTK (rebuilding wxGTK & vlc over and over again didn't help it).
(In reply to comment #10) > sparc stable. > sorry for the delay on this one, but it was b0rked until i've rebuilt it with > the just recently stabled wxGTK (rebuilding wxGTK & vlc over and over again > didn't help it). > np, thanks Gustavo
GLSA 200701-24 missing moderation mail for -announce, closing when it hit the list
finally closing