Security Advisory 1003 Summary : Heap buffer overflow vulnerability in A/52, DTS and MPEG Audio decoders Invalid memory access in AVI, ASF, Matroska (MKV) demuxers Invalid memory access in XSPF playlist parser Invalid memory access in ZIP archive decompressor Heap buffer overflow in RTMP access Date : 19 April 2010 Affected versions : VLC media player 1.0.5 down to 0.5.0 ID : VideoLAN-SA-1003 CVE references : N/A (at the time of writing)
Arches, please test and mark stable: =media-video/vlc-1.0.6 Target keywords : "alpha amd64 ppc ppc64 sparc x86"
*** Bug 314011 has been marked as a duplicate of this bug. ***
I Tested on x86. It seems to be ok and works, but it spits out a compile error with USE="qt4 -X" and with the skins useflag it complains about not finding freetype, but i've got media-libs/freetype-2.3.11 installed!? configure: error: Could not find freetype (required for skins2) [ebuild R ] media-libs/freetype-2.3.11 USE="X -bindist -debug -doc -fontforge -utils" 0 kB
(In reply to comment #3) > I Tested on x86. It seems to be ok and works, but it spits out a compile error > with USE="qt4 -X" and with the skins useflag it complains about not finding > freetype, but i've got media-libs/freetype-2.3.11 installed!? > > configure: error: Could not find freetype (required for skins2) > > [ebuild R ] media-libs/freetype-2.3.11 USE="X -bindist -debug -doc > -fontforge -utils" 0 kB please open a new bug blocking this one with the full build log and config.log attached
Well done! :-) No failures left over here on x86!
stable x86, thanks Andreas
amd64 stable
ppc done
ppc64 done
alpha/sparc stable
GLSA together with bug 279340.
This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle).