Date: Sun, 11 May 2008 01:37:55 +0200 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Subject: CVE id request: vlc local privilege escalation Hi, can I get a CVE id for vlc? https://trac.videolan.org/vlc/ticket/1578: "At startup, VLC recursively scans the modules/ and plugins/ subdirectories from the current working directory, and tries to execute the vlc_entry__0_8_6 (or another in other VLC versions) symbol from any file matching the "lib*_plugin.so" pattern." Patch: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181 Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.