checked source code of
1.1.3-1squeeze6. Sorry, but I do not know which situation this issue can lead to,
but usually heap overflows should be fixed as soon as possible.
http://cwe.mitre.org/data/definitions/122.html
- Henri Salo
-- System Information:
Debian Release: 6.0.5
APT prefers stable
http://securitytracker.com/id/1027224 says:
"A remote user can create a specially crafted file that, when loaded by the
target user, will trigger a heap overflow and execute arbitrary code on the
target system. The code will run with the privileges of the target user."
___
Package: vlc
Version: 2.1.2-2
Severity: important
Tags: security, fixed-upstream
Patch available:
http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404
---
Henri Salo
Do you still have this issue with version 2.2.2-1?
---
Henri Salo
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
Do you have any more information about this? It is quite hard to fix a security
vulnerability without any details.
---
Henri Salo
___
Have you requested a CVE already? If you want, I can verify this issue and create
the request.
---
Henri Salo
Has this issue been reported to upstream?
--
Henri Salo
___
Attaching reproducer file from reporter.
881133-poc
Description: Binary data
___
Attached patches from upstream, which apply to 1.2.1-6. DSA should be created.
---
Henri Salo
--- src/libFLAC/stream_decoder.c.orig 2014-11-25 13:41:50.280032892 +0200
+++ src/libFLAC/stream_decoder.c 2014-11-25 13:48:39.697566936 +0200
@@ -94,7 +94,7
oes not seem to be very
active.
--
Henri Salo
___
=9b0414dc7f5c18ff2951175cf076779c444efd70
http://www.videolan.org/security/sa1301.html
I can submit a bug if needed. At least I can't find that file which was changed.
---
Henri Salo
___
s issue
and currently no time to create a patch for it. This is the reason I contacted you
via email. Please note that the commitdiff-link was in the CVE-request in
oss-security mailing list. I also prefer not to report the bug with unclear
details.
---
Henri Salo
On Wed, Mar 20, 2013 at 09:54:30PM +0100, Benjamin Drung wrote:
> Is there test case / file that triggers this bug?
I don't have any. You can request such from upstream if you want or I can do it.
---
Henri Salo
After emailing back to this bug-report I noticed that I can't close nor open
windows in X at all. Could you verify this?
Best regards,
Henri Salo
___
Well I tried this against 1.1.3-1squeeze3 and I am not able to reproduce in
1.1.3-1squeeze5. The exploit file is in:
http://www.zeroscience.mk/codes/aimp2_evil.mp3 (OSVDB ID: 62728). We can close
this case. Thank you for noticing this.
Best regards,
Henri Salo
some windows at all. Even kill -9 did not do anything. Could
someone verify this?
PoC-file: http://www.zeroscience.mk/codes/aimp2_evil.mp3
Best regards,
Henri Salo
___