Secunia writes: g_ has discovered a vulnerability in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error within the "Open()" function in modules/demux/tta.c. This can be exploited to cause a heap-based buffer overflow via specially crafted TTA data. Successful exploitation may potentially allow execution of arbitrary code. The vulnerability is confirmed in version 0.8.6i. Other versions may also be affected. SOLUTION: Do not open untrusted files using VLC Media Player. PROVIDED AND/OR DISCOVERED BY: g_, Orange Bat ORIGINAL ADVISORY: http://www.orange-bat.com/adv/2008/adv.08.16.txt
0.8.6i-r1 is fixed and is the stable candidate. 0.9 (ie for ~arch) will be fixed when 0.9.0 final will be released (it was expected this week end last I heard). There will probably be no 0.8.6j release but 0.9.0 is still too young, so we shall go with a -r1. Also, please have a look at: http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048308.html
(In reply to comment #1) > Also, please have a look at: > http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048308.html Thanks for the pointer. 'very unlikely' is not good enough to decrease severity, but good to know. Concerning CVE not contacting upstream: That's normal procedure, often the information gets upstream through distributions.
Arches, please test and mark stable: =media-video/vlc-0.8.6i-r1 Target keywords : "alpha amd64 ppc sparc x86"
sparc stable
amd64/x86 stable
arches, please stable per bug 235589.
GLSA 200809-06