Attaching reproducer file from reporter.
881133-poc
Description: Binary data
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainer
Has this issue been reported to upstream?
--
Henri Salo
oes not seem to be very
active.
--
Henri Salo
Attached patches from upstream, which apply to 1.2.1-6. DSA should be created.
---
Henri Salo
--- src/libFLAC/stream_decoder.c.orig 2014-11-25 13:41:50.280032892 +0200
+++ src/libFLAC/stream_decoder.c 2014-11-25 13:48:39.697566936 +0200
@@ -94,7 +94,7
Have you requested CVE already? If you want I can verify this issue and create
the request.
---
Henri Salo
Do you have any more information about this? It is quite hard to fix security
vulnerability without any details.
---
Henri Salo
Do you still have this issue with version 2.2.2-1?
---
Henri Salo
Package: vlc
Version: 2.1.2-2
Severity: important
Tags: security, fixed-upstream
Patch available:
http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404
---
Henri Salo
On Wed, Mar 20, 2013 at 09:54:30PM +0100, Benjamin Drung wrote:
> Is there test case / file that triggers this bug?
I don't have any. You can request such from upstream if you want or I can do it.
---
Henri Salo
s issue
and currently no time to create patch for it. This is the reason I contacted you
via email. Please note that the commitdiff-link was in the CVE-request in
oss-security mailing list. I also prefer not to report the bug with unclear
details.
---
Henri Salo
=9b0414dc7f5c18ff2951175cf076779c444efd70
http://www.videolan.org/security/sa1301.html
I can submit bug if needed. At least I can't find that file, which was changed.
---
Henri Salo
http://securitytracker.com/id/1027224 says:
"A remote user can create a specially crafted file that, when loaded by the
target user, will trigger a heap overflow and execute arbitrary code on the
target system. The code will run with the privileges of the target user."
___
checked source code of
1.1.3-1squeeze6. Sorry but I do not know, which situation this issue can lead,
but usually heap overflows should be fixed as soon as possible.
http://cwe.mitre.org/data/definitions/122.html
- Henri Salo
-- System Information:
Debian Release: 6.0.5
APT prefers stable
some windows at all. Even kill -9 did not do anything. Could
someone verify this?
PoC-file: http://www.zeroscience.mk/codes/aimp2_evil.mp3
Best regards,
Henri Salo
Well I tried this against 1.1.3-1squeeze3 and I am not able to reproduce in
1.1.3-1squeeze5. The exploit file is in:
http://www.zeroscience.mk/codes/aimp2_evil.mp3 (OSVDB ID: 62728). We can close
this case. Thank you for noticing this.
Best regards,
Henri Salo
After emailing back to this bug-report I noticed that I can't close nor open
windows in X at all. Could you verify this?
Best regards,
Henri Salo
Could you email me sample playlist-file, which crashes VLC or do you have URL
to one?
Best regards,
Henri Salo
d I needed to restart whole X to get control
over GUI. I can give debug-information/logs if needed.
Can someone update tracker TEMP-000-57DB88? Note "obscure exploit scenario,
not reproducible" is not true in my opinion.
References:
http://osvdb.org/show/osvdb/62728
Best reg
I'm pretty sure closing bug #595252 will also close this bug.
So please reassign.
Regards,
Henri Menke
I installed pulseaudio and VLC is now using the pulse-backend, but it is
still not working.
I play a file with ogg123 and then tried to play a file with VLC at the
same time (I attached the log).
BTW, if I play a file with ogg123 and want to play a file with mplayer
(which uses alsa as backend) at
'--disable-gnomevfs' '--disable-goom' '--disable-libva' '--disable-osso_screensaver' '--disable-portaudio' '--disable-projectm' '--disable-sqlite' '--disable-telx' '--disable-x264' '--enable-alsa' '--en
Subject: Please add ffmpeg-mt for multithreading support
Package: ffmpeg
Version: 4:0.5.1-3
Severity: wishlist
ffmpeg-mt enabled multithreaded decoding for ffmpeg. This is necessary for
watching e.g. h264 movies with huge bitrates (+1kbit/s).
ffmpeg-mt is currently located here: http://gitorious