Bug#429726: vlc: Multiple format string vulnerabilities (VideoLAN-SA-0207)

Rémi Denis-Courmont rdenis at simphalempin.com
Tue Jun 19 18:53:18 UTC 2007


Package: vlc
Version: 0.8.6.a.debian-6
Severity: grave
Tags: security, fixed-upstream
Justification: user security hole


VLC versions in old-stable, stable and unstable are affected by multiple
remotely triggerable format string vulnerabilities, addressed in
upstream release 0.8.6c.

http://www.videolan.org/sa0702.html

Sorry for the inconvenience,


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc depends on:
ii  libaa1              1.4p5-32             ascii art library
ii  libatk1.0-0         1.18.0-2             The ATK accessibility toolkit
ii  libc6               2.5-11               GNU C Library: Shared libraries
ii  libcaca0            0.99.beta11.debian-3 colour ASCII art library
ii  libcairo2           1.4.6-1.1            The Cairo 2D vector graphics libra
ii  libcdio6            0.76-1               library to read and control CD-ROM
ii  libcucul0           0.99.beta11.debian-3 low-level Unicode character drawin
ii  libdbus-1-3         1.1.0-1              simple interprocess messaging syst
ii  libdbus-glib-1-2    0.73-2               simple interprocess messaging syst
ii  libfontconfig1      2.4.2-1.2            generic font configuration library
ii  libfreetype6        2.2.1-6              FreeType 2 font engine, shared lib
ii  libfribidi0         0.10.7-4             Free Implementation of the Unicode
ii  libgcc1             1:4.2-20070609-1     GCC support library
ii  libgl1-mesa-glx [li 6.5.2-5              A free implementation of the OpenG
ii  libglib2.0-0        2.12.12-1            The GLib library of C routines
ii  libglu1-mesa [libgl 6.5.2-5              The OpenGL utility library (GLU)
ii  libgtk2.0-0         2.10.13-1            The GTK+ graphical user interface
ii  libice6             1:1.0.3-2            X11 Inter-Client Exchange library
ii  libiso9660-4        0.76-1               library to work with ISO9660 files
ii  libjpeg62           6b-13                The Independent JPEG Group's JPEG
ii  libnotify1          0.4.4-3              sends desktop notifications to a n
ii  libpango1.0-0       1.16.4-1             Layout and rendering of internatio
ii  libpng12-0          1.2.15~beta5-2       PNG library - runtime
ii  libsdl-image1.2     1.2.5-3              image loading library for Simple D
ii  libsdl1.2debian     1.2.11-9             Simple DirectMedia Layer
ii  libsm6              2:1.0.3-1            X11 Session Management library
ii  libstdc++6          4.2-20070609-1       The GNU Standard C++ Library v3
ii  libtar              1.2.11-4             C library for manipulating tar arc
ii  libtiff4            3.8.2-7              Tag Image File Format (TIFF) libra
ii  libvcdinfo0         0.7.23-3             library to extract information fro
ii  libvlc0             0.8.6.a.debian-6     multimedia player and streamer lib
ii  libwxbase2.6-0      2.6.3.2.1.5          wxBase library (runtime) - non-GUI
ii  libwxgtk2.6-0       2.6.3.2.1.5          wxWidgets Cross-platform C++ GUI t
ii  libx11-6            2:1.0.3-7            X11 client-side library
ii  libxcursor1         1:1.1.8-2            X cursor management library
ii  libxext6            1:1.0.3-2            X11 miscellaneous extension librar
ii  libxfixes3          1:4.0.3-2            X11 miscellaneous 'fixes' extensio
ii  libxi6              1:1.0.1-4            X11 Input extension library
ii  libxinerama1        1:1.0.2-1            X11 Xinerama extension library
ii  libxosd2            2.2.14-1.3           X On-Screen Display library - runt
ii  libxrandr2          2:1.2.1-1            X11 RandR extension library
ii  libxrender1         1:0.9.2-1            X Rendering Extension client libra
ii  libxv1              1:1.0.3-1            X11 Video extension library
ii  libxxf86vm1         1:1.0.1-2            X11 XFree86 video mode extension l
ii  ttf-dejavu          2.17-2               Vera font family derivate with add
ii  vlc-nox             0.8.6.a.debian-6     multimedia player and streamer (wi
ii  zlib1g              1:1.2.3-15           compression library - runtime

Versions of packages vlc recommends:
pn  videolan-doc                  <none>     (no description available)

-- no debconf information

-- 
Rémi Denis-Courmont
http://www.remlab.net/