retitle 461544 vlc: CVE-2008-029[5,6] multiple vulnerabilities in embedded xine copy
thanks

Hi Christophe,
* Christophe Mutricy <[EMAIL PROTECTED]> [2008-01-21 11:41]:
> > I contacted upstream for a patch of this.
>
> Hmmm, your mail hasn't reached us (or was mistakenly deleted in moderation
> or I haven't looked well enough)

Strange, glad to see that you follow the bug tracker.

> Anyway, here's a patch:
> http://trac.videolan.org/vlc/changeset/24440

Thanks!

> > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0296
> Btw, there is also CVE-2008-0295 but I don't really see the difference
> between 295 and 296 as they refer to the same advisory of Luigi Auriemma

Yes this was still on our TODO list :)

CVE-2008-0295[0]:
| Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in
| the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and
| earlier, allows user-assisted remote attackers to cause a denial of
| service (crash) or execute arbitrary code via long Session Description
| Protocol (SDP) data.

Mitre usually splits different vulnerabilities to different CVE ids.

Kind regards
Nico

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0295
    http://security-tracker.debian.net/tracker/CVE-2008-0295

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

