Le Thu 02 Apr 09 à 01:26 +0200, Nico Golde a écrit : > > This is not a security issue. Because if you have access to the html > > interface and want to DoS vlc, you'd quicker to click on the "Close" > > button. > > Isn't this interface available if vlc is used to stream and > serves as a http server?
No. VLC can stream over HTTP and VLC have an html interface but the 2 things are completly separated. The access to the html interface is controled by a .hosts file. The .hosts distributed by upstream and debian allow only localhost to connect to the html interface. More detailed in http://thread.gmane.org/gmane.comp.video.videolan.vlc.devel/55854/focus=55901 The CVE is likely to end-uo being marked as "disputed" or rejected -- Xtophe -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

