On 16 Aug, Reinhard Tartler wrote:
> Control: tag -1 upstream
>
> On Mon, Feb 3, 2014 at 10:08 AM, Raphael Geissert wrote:
> > Package: vlc
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > vlc uses libtar to unpack skins, however, its use on untrusted data
> > exposes it to CVE-201
Control: tag -1 upstream
On Mon, Feb 3, 2014 at 10:08 AM, Raphael Geissert wrote:
> Package: vlc
> Severity: important
> Tags: security
>
> Hi,
>
> vlc uses libtar to unpack skins, however, its use on untrusted data
> exposes it to CVE-2013-4420 (#731860).
>
> Changing the behaviour of libtar app
Processing control commands:
> tag -1 upstream
Bug #737534 [vlc] vlc: unsafe use of libtar
Added tag(s) upstream.
--
737534: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737534
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
___
Package: vlc
Severity: important
Tags: security
Hi,
vlc uses libtar to unpack skins, however, its use on untrusted data
exposes it to CVE-2013-4420 (#731860).
Changing the behaviour of libtar appears to be problematic because
some applications have relied on the, lack of, path sanitation (cf.
ht