Bug#458318: Three security issues in vlc

Nico Golde nion at debian.org
Thu Jan 3 19:39:31 UTC 2008


retitle 458318 "Four security issues in vlc"
thanks

Hi Stefan,
* Stefan Fritsch <sf at sfritsch.de> [2007-12-30 12:56]:
> http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html
> https://trac.videolan.org/vlc/ticket/1371
> 
> describe a security issue which allows writing to arbitrary files with
> mozilla-plugin-vlc.
> 
> 
> According to http://www.securityfocus.com/archive/1/485488/30/0/threaded , there
> are two more unfixed security issues in vlc:
> 
> A] buffer-overflow in the handling of the subtitles
> B] format string in the web interface

There is an additional security issue which has been fixed:
https://trac.videolan.org/vlc/changeset/22023

VLC will crash because of a missing check for httpd_MsgGet
returning NULL. This should be of a very low security
impact.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.