Package: vlc
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for vlc.

CVE-2008-2430[0]:
| The vulnerability is caused due to an integer overflow error within the
| "Open()" function in "modules/demux/wav.c". This can be exploited to cause a
| heap-based buffer overflow via a specially crafted WAV file having an overly
| large "fmt" chunk.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Note that this is not yet on the mitre site, in the meantime see:
http://secunia.com/advisories/30601/

Patch should be:
http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commitdiff_plain;h=3de60bf5b886ad81d7c05d68dff7a1ba461c0ac1

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2430
    http://security-tracker.debian.net/tracker/CVE-2008-2430

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
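The bug class named in the CVE text, shown as an added example that is not taken from this mail, the linked patch, or VLC's source: a chunk size read from the file is increased before allocation, so the 32-bit sum can wrap to a tiny value. The `FMT_PAD` constant, the function names and both sample chunks are assumptions constructed for illustration; the exact arithmetic in `modules/demux/wav.c` is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FMT_PAD 2u /* hypothetical: bytes the parser adds to the declared size */

/* Constructed samples: 4-byte tag, little-endian 32-bit size, payload. */
static const uint8_t SAMPLE_OK[] = { 'f','m','t',' ', 16,0,0,0,
    1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0 };
static const uint8_t SAMPLE_BAD[] = { 'f','m','t',' ', 0xFF,0xFF,0xFF,0xFF, 1,0, 2,0 };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern: the 32-bit sum wraps, so 0xFFFFFFFF + 2 becomes 1. */
static uint32_t alloc_size_unchecked(uint32_t chunk_size) {
    return chunk_size + FMT_PAD;
}

/* Checked pattern: reject before adding. Returns 0 on success, -1 otherwise. */
static int alloc_size_checked(uint32_t chunk_size, size_t avail, uint32_t *out) {
    if (chunk_size > UINT32_MAX - FMT_PAD) return -1; /* sum would wrap */
    if (chunk_size > avail) return -1; /* claims more bytes than the input holds */
    *out = chunk_size + FMT_PAD;
    return 0;
}

/* Copy the "fmt " payload into a fresh buffer; NULL if the chunk is rejected. */
static uint8_t *copy_fmt_chunk(const uint8_t *buf, size_t len, uint32_t *n) {
    uint32_t size, alloc;
    uint8_t *p;
    if (len < 8 || memcmp(buf, "fmt ", 4) != 0) return NULL;
    size = rd_le32(buf + 4);
    if (alloc_size_checked(size, len - 8, &alloc) != 0) return NULL;
    if ((p = calloc(1, alloc)) == NULL) return NULL;
    memcpy(p, buf + 8, size); /* safe: size <= len - 8 and size < alloc */
    *n = size;
    return p;
}

int main(void) {
    uint32_t n = 0;
    uint8_t *ok = copy_fmt_chunk(SAMPLE_OK, sizeof SAMPLE_OK, &n);
    uint8_t *bad = copy_fmt_chunk(SAMPLE_BAD, sizeof SAMPLE_BAD, &n);
    printf("wrapped=%u valid=%d crafted=%d\n", (unsigned)alloc_size_unchecked(0xFFFFFFFFu), ok != NULL, bad != NULL);
    free(ok); free(bad);
    return 0;
}
```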

