Hi,
* Christophe Mutricy <[email protected]> [2009-04-02 00:36]:
> Le Wed 01 Apr 09 à 13:17 +0200, Nico Golde a écrit :
> > CVE-2009-1045[0]:
> > | requests/status.xml in VLC 0.9.8a allows remote attackers to cause a
> > | denial of service (stack consumption and crash) via a long input
> > | argument in an in_play action.
> 
> This is not a security issue. Because if you have access to the html
> interface and want to DoS vlc, you'd quicker to click on the "Close"
> button.
> 
> Anyway it's fixed in 0.9.9 which i am packaging atm.

Isn't this interface available if vlc is used to stream and 
serves as a http server?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpa5qea1KGVO.pgp
Description: PGP signature

Reply via email to