Hi, debdiff attached and archived on: http://people.debian.org/~nion/nmu-diff/vlc-0.8.6_0.8.6.c-6.1.patch
Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u vlc-0.8.6.e/debian/changelog vlc-0.8.6.e/debian/changelog
--- vlc-0.8.6.e/debian/changelog
+++ vlc-0.8.6.e/debian/changelog
@@ -1,3 +1,12 @@
+vlc (0.8.6.e-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix Integer overflow in MP4_ReadBox_rdrf function
+ that triggers a heap-based buffer overflow via a
+ large atom length value (Closes: #472635).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Wed, 26 Mar 2008 13:21:44 +0100
+
vlc (0.8.6.e-1) unstable; urgency=high
[ Christophe Mutricy ]
diff -u vlc-0.8.6.e/debian/patches/series vlc-0.8.6.e/debian/patches/series
--- vlc-0.8.6.e/debian/patches/series
+++ vlc-0.8.6.e/debian/patches/series
@@ -8,0 +9 @@
+400-CVE-2008-1489.diff
only in patch2:
unchanged:
--- vlc-0.8.6.e.orig/debian/patches/400-CVE-2008-1489.diff
+++ vlc-0.8.6.e/debian/patches/400-CVE-2008-1489.diff
@@ -0,0 +1,16 @@
+--- vlc-0.8.6e.orig/modules/demux/mp4/libmp4.c (revision 0e90ac58d8d1476cfdd81eb57e2a2a0eca0e5d91)
++++ vlc-0.8.6e/modules/demux/mp4/libmp4.c (revision 09572892df7e72c0d4e598c0b5e076cf330d8b0a)
+@@ -1985,8 +1985,12 @@
+ MP4_GETFOURCC( p_box->data.p_rdrf->i_ref_type );
+ MP4_GET4BYTES( i_len );
++ i_len++;
++
+ if( i_len > 0 )
+ {
+ uint32_t i;
+- p_box->data.p_rdrf->psz_ref = malloc( i_len + 1);
++ p_box->data.p_rdrf->psz_ref = malloc( i_len );
++ i_len--;
++
+ for( i = 0; i < i_len; i++ )
+ {
pgpBlkPeLJkh4.pgp
Description: PGP signature

