Re: Re: CVE request - VLC 2.0.0 to 2.0.8

[Hanno Böck <hanno () hboeck de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, 03 Oct 2013 22:32:12 -0600
Kurt Seifried <kseifried () redhat com> wrote:

> Sorry forgot to reply. I'm not sure this is CVE worthy. In general
> crash bugs in services are CVE worthy, but crashes in client software
> are usually limited to things like email clients or web browsers where
> there is a high potential for processing untrusted data without much
> user interaction (e.g. displaying some random email or web page) whre
> you also have the potential to lose work (so there is an impact).
>
> In the case of VLC you load a nasty file, it crashes, you don't do it
> again. There's not really any impact. You don't lose any work.

VLC is used as a browser plugin and can also be embedded in other
applications.
(though I'm not aware if this can crash the whole browser with the
modern sandboxing stuff browsers do)

- -- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)

iQIcBAEBCgAGBQJSTnaJAAoJEKWIAHK7tR5CNk0QALuO9LtxhFcRasZIsIHZMEY7
1LDULOSR8HuBtjjbhFZKZde+jvH01686awnJRKGLHoFmFnmpVlCzmkbpPddj3pE3
FN6VsXW/1j5GtmffrdHnWDYRjzM237NDMPiHqg5dp0wHw7udiL/zR4hiGbn5S0sJ
xH5P94OhWiimMXAPtW1TGXdJRR66DuidYnHskl5526sHGyQtNeRkbjXZ3G00zlw9
j/zfzoPsqaN42VG/IL0jknCsyf7cgv0K4q8+q0mXW8GI/AkgBqMiFIcsnriRAMtM
NzNZ8HvxCGfqHbUrePETyWfT3MbKk5yRuZGgNESXw+H2LkyHwp+jJ13/1FBycAde
ZOwwzAltbvh0abqZccfc6sXqAabjnO3YxLsivaEEkKzYW38ta+D2oxySQgrUN/xx
NVaFv/xHPpNMxLxnC0ETtdfxmk+WbmrK3UBsMdj779y55A5c8Jsqc8Em/qi3SNoU
c6ad01tL6esB83D/TxPu3XLRdJmpR8TYV5HsvwwIEsU8olOdzMqIoyEaLSEFdl+w
vjksWChtS543oEwi9EK5rDMjAQEAdMEscwQXAciay9ZVqpBDD7NMtCWX6hKF2Ao3
QHTfb2XMsQzx343PiuL0KNiogy2zrCeDkMj/yU6LSE8MrFedE/KvUa9EVKCtd88+
byGlEQqYq/7R1Ywll6vC
=75h5
-----END PGP SIGNATURE-----