This bug was fixed in the package vlc - 0.8.6.release.c-0ubuntu5.2
---------------
vlc (0.8.6.release.c-0ubuntu5.2) gutsy-security; urgency=low
* SECURITY UPDATE: (LP: #207284)
+ debian/patches/031_CVE-2008-1489.diff
- Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a crafted MP4 RDRF box that triggers a
heap-based buffer overflow.
* References
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
+
http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
-- Emanuele Gentili <[EMAIL PROTECTED]> Tue, 01 Apr 2008
02:33:08 +0200
** Changed in: vlc (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
** Changed in: vlc (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
[CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e
https://bugs.launchpad.net/bugs/207284
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
