** Also affects: vlc (Ubuntu Artful)
Importance: Undecided
Assignee: Simon Quigley (tsimonq2)
Status: In Progress
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1693893
Title:
Possible remote code execution related to subtitles
Status in vlc package in Ubuntu:
In Progress
Status in vlc source package in Xenial:
In Progress
Status in vlc source package in Zesty:
In Progress
Status in vlc source package in Artful:
In Progress
Bug description:
VLC 2.2.5.1 fixes buffer overflow and out of bound read bugs related to
subtitle decoding. A company called "Check Point" appears to have reported
them, but they did not release any details. [1]
At least the following 5 commits relate to these bugs: [2]
Presumably all currently supported Ubuntu releases are affected by at
least one bug fixed by the patches.
By the way, there seem to be other security related commits in VLC
that might need backporting, e.g. [3] [4]
[1]: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
[2]:
https://github.com/videolan/vlc/search?q=checkpoint&type=Commits&utf8=%E2%9C%93
[3]:
https://github.com/videolan/vlc/search?o=desc&p=1&q=overflow&s=committer-date&type=Commits&utf8=%E2%9C%93
[4]:
https://github.com/videolan/vlc/search?o=desc&q=out+of+bound&s=committer-date&type=Commits&utf8=%E2%9C%93
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
