oss-sec mailing list archives

Re: CVE id request: vlc


From: Pınar Yanardağ <pinar () pardus org tr>
Date: Sun, 24 Aug 2008 15:31:09 +0300

Nico Golde wrote On 24-08-2008 13:10:
Hi,
* Pinar Yanarda<pinar () pardus org tr>  [2008-08-24 11:23]:
Nico Golde wrote On 24-08-2008 03:13:
Hi,
there seems to be a buffer overflow in videolans mms
handling:
http://www.orange-bat.com/adv/2008/adv.08.24.txt

Btw, a vendor patch has been released:
http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html

Wow that was fast, 4 hours after I notified them of the
problem.
Looks correct to me. Anyone else had a look at the patch?

I was having some trouble to apply this patch but they updated it a couple of hours ago, which works fine now.

http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048504.html

Cheers,

--
Pınar Yanardağ
http://pinguar.org


Current thread: