Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 25 Aug 2008 11:59:49 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Cc: Pınar Yanardağ <pinar@...dus.org.tr>
Subject: Pardus Bugs / Patches, Was: Re: CVE id request: vlc

On Sunday 24 August 2008, Pınar Yanardağ wrote:
> Nico Golde wrote On 24-08-2008 13:10:
> > Hi,
> >
> > * Pinar Yanarda<pinar@...dus.org.tr>  [2008-08-24 11:23]:
> >> Nico Golde wrote On 24-08-2008 03:13:
> >>> Hi,
> >>> there seems to be a buffer overflow in videolans mms
> >>> handling:
> >>> http://www.orange-bat.com/adv/2008/adv.08.24.txt
> >>
> >> Btw, a vendor patch has been released:
> >> http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488
> >>.html
> >
> > Wow that was fast, 4 hours after I notified them of the
> > problem.
> > Looks correct to me. Anyone else had a look at the patch?
>
> I was having some trouble to apply this patch but they updated it a
> couple of hours ago, which works fine now.

Hey Pınar,

I noticed Pardus is not yet listed on the 'How to steal hard work and 
patches from others' page, aka:
  http://oss-security.openwall.org/wiki/distro-patches

If you host your patches somewhere, please add a pointer there.
Also, are you managing security bugs with Bugzilla, or somewhere else 
where one can look up the status of an issue?

Thanks,
Robert

Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.