| Summary: | media-video/vlc <0.8.6i-r1 TTA Processing Integer Overflow (CVE-2008-3732) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | media-video |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/31512/ | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 235589 | | |
| Bug Blocks: | | | |

Description
Robert Buchholz (RETIRED)
2008-08-19 22:25:31 UTC
0.8.6i-r1 is fixed and is the stable candidate. 0.9 (i.e. for ~arch) will be fixed when 0.9.0 final will be released (it was expected this weekend last I heard). There will probably be no 0.8.6j release but 0.9.0 is still too young, so we shall go with a -r1.

Also, please have a look at: http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048308.html

(In reply to comment #1)
> Also, please have a look at:
> http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048308.html

Thanks for the pointer. 'very unlikely' is not good enough to decrease severity, but good to know. Concerning CVE not contacting upstream: That's normal procedure, often the information gets upstream through distributions.

Arches, please test and mark stable:
=media-video/vlc-0.8.6i-r1
Target keywords : "alpha amd64 ppc sparc x86"

sparc stable

amd64/x86 stable

arches, please stable per bug 235589.

GLSA 200809-06