Am Mittwoch, den 20.03.2013, 13:56 +0200 schrieb Henri Salo: > > VLC 2.0.3-5 from testing is (probably) affected and VLC 2.0.5-1 from > > unstable is not affected. > > Could you submit this information to security tracker after you have verified > it?
It's fixed in VLC 2.0.5 according to upstream. > > > > > > http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70 > > > > This git commit is not the correct commit. > > Removed from security tracker. Do you know what is the correct commitdiff? No. The commits between 2.0.4 and 2.0.5 needs to be checked. I found two commits: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=74ff87cc141bc1b88a38ee90f95b3d935c938a56 http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=8e8b02ff1720eb46dabe2864e79d47b40a2792d5 > > I would appreciate a bug report with an attached and tested patch. > > I can submit a bug to BTS, but I don't have knowledge/skills to test this > issue > and currently no time to create patch for it. This is the reason I contacted > you > via email. Please note that the commitdiff-link was in the CVE-request in > oss-security mailing list. I also prefer not to report the bug with unclear > details. Is there test case / file that triggers this bug? -- Benjamin Drung Debian & Ubuntu Developer _______________________________________________ pkg-multimedia-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
