Summary: | <media-video/vlc-2.0.2: DoS via crafted MP4 (CVE-2012-2396) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2396 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 408881 |
Description
GLSAMaker/CVETool Bot
![]() Please confirm that this is fixed in subsequent versions of media-video/vlc. There is nothing in change log about this, and no clear information as to what version this was fixed in. Other distress have this in version 2.0.2. If I'm not mistaken this issue was fixed in taglib 1.7.2 c.f. http://mail.kde.org/pipermail/taglib-devel/2012-April/002244.html . Since this is listed for VLC, does it use any code form this library inline, or does it solely rely on it as a shared library? Fixed in 2.0.2 as per: http://www.videolan.org/developers/vlc/NEWS 2.0.2 no longer in tree, setting to GLSA so that GLSA can be released. This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle). |