Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Sun, 24 Aug 2008 15:31:09 +0300
From: Pınar YanardaÄ. <pinar@...dus.org.tr>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: vlc

Nico Golde wrote On 24-08-2008 13:10:
> Hi,
> * Pinar Yanarda<pinar@...dus.org.tr>  [2008-08-24 11:23]:
>    
>> Nico Golde wrote On 24-08-2008 03:13:
>>      
>>> Hi,
>>> there seems to be a buffer overflow in videolans mms
>>> handling:
>>> http://www.orange-bat.com/adv/2008/adv.08.24.txt
>>>
>>>        
>> Btw, a vendor patch has been released:
>> http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html
>>      
>
> Wow that was fast, 4 hours after I notified them of the
> problem.
> Looks correct to me. Anyone else had a look at the patch?
>    

I was having some trouble to apply this patch but they updated it a 
couple of hours ago, which works fine now.

http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048504.html

Cheers,

-- 
Pınar YanardaÄ.
http://pinguar.org

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ