oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: VLC / Asterisk

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 06 Jul 2012 11:19:23 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/06/2012 08:55 AM, Moritz Muehlenhoff wrote:

Hi,

Please assign CVE IDs:

1. heap-based buffer overflow in VLC's Ogg demuxer Fixed in the VLC
2.0.2 release

Commit: 
http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e


Please



use CVE-2012-3377 for this issue.


2. asterisk: Possible resource leak on uncompleted re-invite
transactions 
http://downloads.asterisk.org/pub/security/AST-2012-010.html


Splitting this issue into a separate email thread.


Cheers, Moritz




- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP9x4bAAoJEBYNRVNeJnmTepIQAIfun+T8HGlTN+Wqg3scHa69
o83lg53s9TxuyY8cwXS82bSfPpwk9eLg+YL0huF+yTG6Ziqq4txEo5FQdVzWPJ4p
qveE4qglOevmCNuenU3w6YRUhxX6cXvyWHg0RpFianZKrmn6xn4doguik/9NLg6w
KGPk/9eoTYpQ8mrw1kRbA5ClRLvfZCPkXFzu3xOKKBcLKhAmruLFQwHR5ykC28PN
ydbbHnbE2QQhXwFsEt4g1x1dBeGq7Jgj9fsE0FI52WvjPlAOhGJaw+wA3xijy9fy
N8GF4feqxuP7xbkD3KRfcKTXyXgLXRvMQ/NtFN0LxfvWthVCv+63soC2RFLBuw7g
WbE7AdOv/a1BhaX66LfcGFA5m4P64GNrBbz6/BMLzbzGtIUIgV2/OYCXRWJ8QPnq
jDWKK5lgyjwyKKrq73/DLJP5CcjulCdB9ErBbcdPgZ9cezukvdki2cVOJj3EhC93
ibFbdZZSE/WYwYiPajQ0ZPUW5VZrfF2uiqoCkW2fbg1SNfpOzQMnEzbdGljIZAPZ
TMH63p2n9Bt4Ct0JlsvZ0phpPQbMXVMkXqpkQXfKELcX4jjD2pRcIm7F/7tG9YqP
KvzoBJRvaH0+Or7UMuL7fXZ1BbemEWJ9AMoRo/9jEZXerPTeekeVlku4KGxQeNEs
K0sNKSlCM48/RdGLRqfH
=wIFY
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: