From Secunia security advisory at $URL:
Description: The vulnerability is caused due to a double-free error within the "get_chunk_header()" function (modules/demux/ty.c) of the TiVo demuxer and can be exploited to corrupt memory by e.g. tricking a user into opening a specially crafted TiVo (*.ty) file. The vulnerability is reported in versions 0.9.0 through 1.1.12.
Solution: Update to version 1.1.13
@Alexis, can you tell me if ty.c is compiled in the default Gentoo configuration or with a specific one?
(In reply to comment #1)
> @Alexis, can you tell me if ty.c is compiled as default gentoo configuration or
> with a specific?
Yes, it's built by default ( /usr/lib64/vlc/plugins/demux/libty_plugin.so ) here.
Feel free to cc arches, 1.1.13 fixes a couple of other bugs too (see changelog)
(In reply to comment #2)
> yes its built by default ( /usr/lib64/vlc/plugins/demux/libty_plugin.so ) here.
>
> feel free to cc arches, 1.1.13 fixes a couple of other bugs too (see changelog)
Sure, thanks
Arches, please test and mark stable:
=media-video/vlc-1.1.13
Target keywords : "alpha amd64 ppc ppc64 sparc x86"
x86/amd64 stable
ppc/ppc64 done
alpha/sparc stable
Thanks everyone. Added to existing glsa draft.
*** Bug 397553 has been marked as a duplicate of this bug. ***
CVE-2011-5231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5231): Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
CVE-2012-0023 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0023): Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
CVE-2011-5231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5231): ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0023. Reason: This candidate is a duplicate of CVE-2012-0023. Notes: All CVE users should reference CVE-2012-0023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle).