Hi, * Christophe Mutricy <[email protected]> [2009-04-02 00:36]: > Le Wed 01 Apr 09 à 13:17 +0200, Nico Golde a écrit : > > CVE-2009-1045[0]: > > | requests/status.xml in VLC 0.9.8a allows remote attackers to cause a > > | denial of service (stack consumption and crash) via a long input > > | argument in an in_play action. > > This is not a security issue. Because if you have access to the html > interface and want to DoS vlc, you'd quicker to click on the "Close" > button. > > Anyway it's fixed in 0.9.9 which i am packaging atm.
Isn't this interface available if vlc is used to stream and serves as a http server? Cheers Nico -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpa5qea1KGVO.pgp
Description: PGP signature

