Nico Golde <[email protected]> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- -------------------------------------------------------------------------
>Debian Security Advisory DSA-2257-1 [email protected]
>http://www.debian.org/security/ Nico Golde
>June 10, 2011 http://www.debian.org/security/faq
>- -------------------------------------------------------------------------
>
>Package : vlc
>Vulnerability : heap-based buffer overflow
>Problem type : local
>Debian-specific: no
>CVE ID : CVE-2011-2194
>
>Rocco Calvi discovered that the XSPF playlist parser of vlc, a multimedia
>player and streamer, is prone to an integer overflow resulting in a
>heap-based buffer overflow. This might allow an attacker to execute
>arbitrary code by tricking a victim into opening a specially crafted
>file.
>
>
>The oldstable distribution (lenny) is not affected by this problem.
>
>For the stable distribution (squeeze), this problem has been fixed in
>version 1.1.3-1squeeze6.
>
>For the testing (wheezy) and unstable (sid) distributions, this
>problem will be fixed soon.
>
>
>We recommend that you upgrade your vlc packages.
>
>Further information about Debian Security Advisories, how to apply
>these updates to your system and frequently asked questions can be
>found at: http://www.debian.org/security/
>
>Mailing list: [email protected]
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.11 (GNU/Linux)
>
>iEYEARECAAYFAk3x8LQACgkQHYflSXNkfP8cVQCfXsLglWJUAsX/RfFYMesf4jOv
>7qYAnilMfj3iqc7MsgjS1oFkzkPLgRAc
>=rAAI
>-----END PGP SIGNATURE-----
>
>
>--
>To UNSUBSCRIBE, email to [email protected]
>with a subject of "unsubscribe". Trouble? Contact [email protected]
>Archive: http://lists.debian.org/[email protected]
>

