Date: Mon, 30 Sep 2013 18:33:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Laurent Butti <laurentb@...il.com>
Subject: Re: CVE request: VLC

On 09/30/2013 03:31 PM, Laurent Butti wrote:
> Hi,
> 
> I have found a security issue in vlc 2.0.8 which was reported to
> VLC team and fixed in both 2.0.9 and 2.1.0 (as "Fix buffer overflow
> in the mp4a packetizer").
> 
> Here are the commit log and changelog:
> 
> * http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
> * http://www.videolan.org/developers/vlc-branch/NEWS
> 
> Could a CVE be assigned?
> 
> Thanks, Laurent Butti.

Thanks, please use CVE-2013-4388 for this issue.

Also do you know anything about:

Demuxers:
 * Add protection against several potential heap buffer overflow in
libebml

How potential are we talking?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
