oss-sec mailing list archives
Re: CVE request: VLC
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 30 Sep 2013 18:33:33 -0600
On 09/30/2013 03:31 PM, Laurent Butti wrote:
> Hi,
>
> I have found a security issue in vlc 2.0.8 which was reported to VLC team and fixed in both 2.0.9 and 2.1.0 (as "Fix buffer overflow in the mp4a packetizer").
>
> Here are the commit log and changelog:
> * http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
> * http://www.videolan.org/developers/vlc-branch/NEWS
>
> Could a CVE be assigned?
>
> Thanks,
> Laurent Butti.

Thanks, please use CVE-2013-4388 for this issue.

Also do you know anything about:

Demuxers:
 * Add protection against several potential heap buffer overflow in libebml

how potential are we talking?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993