Am Mittwoch, den 20.03.2013, 11:23 +0200 schrieb Henri Salo: > Hello, > > Could you check if Debian packages of VLC are affected of CVE-2013-1868, > thank you.
VLC 2.0.3-5 from testing is (probably) affected and VLC 2.0.5-1 from unstable is not affected. > References: > https://security-tracker.debian.org/tracker/CVE-2013-1868 > http://www.openwall.com/lists/oss-security/2013/03/17/1 > > http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70 This git commit is not the correct commit. > http://www.videolan.org/security/sa1301.html > > I can submit bug if needed. At least I can't find that file, which was > changed. I would appreciate a bug report with an attached and tested patch. -- Benjamin Drung Debian & Ubuntu Developer _______________________________________________ pkg-multimedia-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
