-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3679-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 30, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : vlc Version : 3.0.20-0+deb10u1 CVE ID : CVE-2023-47359 CVE-2023-47360 Two vulnerabilities in the MMS over HTTP protocol have been fixed in the VLC media player, which has also been upgraded to the latest upstream version. CVE-2023-47359 Heap buffer overflow in the MMSH module. CVE-2023-47360 Integer underflow in the MMSH module. For Debian 10 buster, these problems have been fixed in version 3.0.20-0+deb10u1. We recommend that you upgrade your vlc packages. For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmVpIQ4ACgkQiNJCh6LY mLGHLg/9GBSxTXHx2fj1c5Nqa9pFsMwLVgEt1YBUnsbHHlQFvbJT+MnjswrBZR/2 PjsiCCqqN0Yf0803h8Bf2JGxZRq/e+yBn0wfWke1mIl8Gb2o/IGmAW5xsUq1klZA 0n8/8Rdyych4XqiGIrdnhaxDwRH7ASFuRArFPXggtQEBFRxn5NMdRlxlq8Ks+Oy5 CSAfybAbF8Pyr7B08wr5KyI71BC+3UZZoMMqvuGqqNQvwX9aZX9MkBCJHz8WgwC3 CDHzXhhCjDYqvEOC8aaJRe4sI9TJ+yv6Tz1HFVqlbig9fzlb+kiY1hOSR0yVSQf2 dJyIRCmRDdh5VYDwhSEGh12LuF5TXSJ168chOabrp0TWp0s4rlq4AQhfRwSTMv5O MGCaMuNpjQhg8sxJ5HYnklbGe39+x/Es4kFSkcMzf1V86OpiEIdXdj8NFRvEf1tk h+b1UrIX9nWhuI02IHSx8J56Oa/8qZLjgDDnSds4/IMmJNYX35RNYxaY3melN8AD UNuSk9YI1arrfFqmB7fNQpwzG26usrUibDcf5lgxQiZoBgF/dzHAxjdjYbLQd6vq 681S5+BXeTXfqge5SqFlWrxVXSOjofmE5yWLVBbKKlwasNDfqYkxJZCsAMSmwQKq 4tfFPcbhV8x29lCDJbK9WMYI2P80tpWG853w+X0nf9Q5G+c+NkE= =aEDz -----END PGP SIGNATURE-----