Comment 7 for bug 207284

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release.c-0ubuntu5.2

---------------
vlc (0.8.6.release.c-0ubuntu5.2) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #207284)
   + debian/patches/031_CVE-2008-1489.diff
    - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
      remote attackers to cause a denial of service (crash) and possibly
      execute arbitrary code via a crafted MP4 RDRF box that triggers a
      heap-based buffer overflow.

  * References
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
   + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

 -- Emanuele Gentili <email address hidden> Tue, 01 Apr 2008 02:33:08 +0200