Bug#595686: marked as done (vlc: stack overflow)

Sun, 07 Nov 2010 11:52:25 -0800 

Your message dated Sun, 7 Nov 2010 20:42:02 +0100
with message-id <20101107194202.gc7...@chewa.net>
and subject line Re: Bug#595686: vlc: stack overflow
has caused the Debian Bug report #595686,
regarding vlc: stack overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
595686: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595686
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
package: vlc
severity: important
tags: security

a stack overflow exploit was published for vlc [0].  i tried the poc on
unstable, and it didn't work, which is why i've set the severity only to
important.  that may be due to payload being windows-only?  you may want
to check with upstream to make sure that the linux version is indeed
not affected.

thanks,
mike

[0] http://www.exploit-db.com/exploits/14892/

--- End Message ---
--- Begin Message --- 
Hello

Le Sun 05 Sep 10 à 15:58 -0400, Michael Gilbert a écrit :
> a stack overflow exploit was published for vlc [0].  i tried the poc on
> unstable, and it didn't work, which is why i've set the severity only to
> important.  that may be due to payload being windows-only?  you may want
> to check with upstream to make sure that the linux version is indeed
> not affected.


I also can't reproduce on various Linux builds.

Upstream just published http://www.videolan.org/security/sa1006.html and
over IRC confimed it's the same issue.

And from the patch fixing the issue, it's indeed win32 specific.



-- 
Xtophe

--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to