Multiple Vulnerabilities
CVE-2017-8313 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8313): Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.

CVE-2017-8312 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8312): Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.

CVE-2017-8311 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8311): Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

CVE-2017-8310 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8310): Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
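All four entries describe the same defect class: a parser walking a subtitle line without checking both the NUL terminator and the remaining buffer length. The following is an added, constructed illustration of that check (it is not VLC's ParseJSS, CreateHtmlSubtitle, or any code from the referenced commits); the function name jss_next_token and the sample line are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example, not VLC code: copy the next space-separated token of a
 * subtitle line into out, bounding every read by BOTH the buffer length and
 * the NUL terminator. The unsafe shape the CVE text describes looks like
 *     while (*p != ' ') p++;
 * which skips a NUL and keeps reading past the end of the heap block. */

/* Returns the token length, or -1 when no token remains or the token does
 * not fit in out (with room for a terminator). Leading spaces are skipped
 * and *pos is advanced past the token on success. */
int jss_next_token(const char *buf, size_t len, size_t *pos,
                   char *out, size_t outsz)
{
    size_t i = *pos;

    /* skip separators, never stepping past len or a NUL */
    while (i < len && buf[i] == ' ')
        i++;
    if (i >= len || buf[i] == '\0')
        return -1;                      /* end of line: nothing to read */

    size_t start = i;
    /* the length check bounds the allocation, the NUL check bounds the
       string; dropping either one is the bug the advisories describe */
    while (i < len && buf[i] != '\0' && buf[i] != ' ')
        i++;

    size_t tlen = i - start;
    if (outsz == 0 || tlen + 1 > outsz)
        return -1;                      /* would overflow the caller's buffer */
    memcpy(out, buf + start, tlen);
    out[tlen] = '\0';
    *pos = i;
    return (int)tlen;
}
```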
CC'ing proxy maintainer
I checked the commits referenced in each of the CVE links, and they're all present in 2.2.6 which I've bumped.
*** Bug 618308 has been marked as a duplicate of this bug. ***
(In reply to Michael Palimaka (kensington) from comment #3)
> I checked the commits referenced in each of the CVE links, and they're all
> present in 2.2.6 which I've bumped.

Thanks, I can confirm this! Let's already start stabilization, vulnerabilities are allowing code execution and are already actively used.

@ Arches, please test and mark stable: =media-video/vlc-2.2.6
arm stable
amd64 stable
x86 stable
ppc64 stable
ppc stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
New GLSA request filed. @ Maintainer(s): Please drop =media-video/vlc-2.2.4-r1!
This issue was resolved and addressed in GLSA 201707-10 at https://security.gentoo.org/glsa/201707-10 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for cleanup.
@maintainers, please let us know if this can be cleaned. Thanks.
Since apparently there is no one here to answer, and I've touched vlc at least more than once in the past, I'll say please go ahead and clean up 2.2.4.
In fact I went ahead and cleaned up already.
(In reply to Andreas Sturmlechner from comment #16)
> In fact I went ahead and cleaned up already.

Thanks, Andreas!