Bug 424435 (CVE-2012-3377)

Comment 1 Agostino Sarubbo 2012-07-01 21:28:20 UTC

ok to proceed with stabilization?

Comment 2 GLSAMaker/CVETool Bot 2012-07-19 00:05:35 UTC

CVE-2012-3377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3377):
  Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG
  demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2
  allows remote attackers to cause a denial of service (application crash) and
  possibly execute arbitrary code via a crafted OGG file.

Comment 3 Sean Amoss (RETIRED) 2012-09-24 10:33:03 UTC

@video, would you like us to stabilize 2.0.2 or 2.0.3?

Comment 4 Ben de Groot (RETIRED) 2012-09-24 11:18:43 UTC

Stabilize media-video/vlc-2.0.3 please

Comment 5 Agostino Sarubbo 2012-09-24 19:14:18 UTC

amd64 stable

Comment 6 Agostino Sarubbo 2012-09-24 20:25:02 UTC

x86 stable

Comment 7 Brent Baude (RETIRED) 2012-10-05 14:24:47 UTC

ppc done

Comment 8 Raúl Porcel (RETIRED) 2012-10-07 14:05:40 UTC

alpha stable

Comment 9 Anthony Basile 2012-10-11 07:39:34 UTC

stable ppc64

Comment 10 Sean Amoss (RETIRED) 2012-10-11 13:06:39 UTC

Thanks, everyone.

Already on existing GLSA draft.

Comment 11 GLSAMaker/CVETool Bot 2014-11-05 22:09:42 UTC

This issue was resolved and addressed in
 GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml
by GLSA coordinator Sean Amoss (ackle).