| Summary: | <media-video/vlc-2.0.9: buffer overflow vulnerability (CVE-2013-4388) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | media-video |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2013/10/01/1 | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 476436 | ||
*** Bug 488086 has been marked as a duplicate of this bug. *** @maintainers, ping! Is 2.0.9 ready for stabilization? Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle). |
From ${URL} : I have found a security issue in vlc 2.0.8 which was reported to VLC team and fixed in both 2.0.9 and 2.1.0 (as "Fix buffer overflow in the mp4a packetizer"). Here are the commit log and changelog: * http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e * http://www.videolan.org/developers/vlc-branch/NEWS @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.