Not much more information besides the vlc-2.0.2 NEWS file:
* Fix Ogg Heap buffer overflow
and this commit:
2.0.2 should be safe to stabilise though.
OK to proceed with stabilization?
Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG
demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2
allows remote attackers to cause a denial of service (application crash) and
possibly execute arbitrary code via a crafted OGG file.
@video, would you like us to stabilize 2.0.2 or 2.0.3?
Stabilize media-video/vlc-2.0.3 please
Already on existing GLSA draft.
This issue was resolved and addressed in
GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml
by GLSA coordinator Sean Amoss (ackle).