Date: Mon, 25 Aug 2008 11:59:49 +0200 From: Robert Buchholz <rbu@...too.org> To: oss-security@...ts.openwall.com Cc: Pınar Yanardağ <pinar@...dus.org.tr> Subject: Pardus Bugs / Patches, Was: Re: CVE id request: vlc On Sunday 24 August 2008, Pınar Yanardağ wrote: > Nico Golde wrote On 24-08-2008 13:10: > > Hi, > > > > * Pinar Yanarda<pinar@...dus.org.tr> [2008-08-24 11:23]: > >> Nico Golde wrote On 24-08-2008 03:13: > >>> Hi, > >>> there seems to be a buffer overflow in videolans mms > >>> handling: > >>> http://www.orange-bat.com/adv/2008/adv.08.24.txt > >> > >> Btw, a vendor patch has been released: > >> http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488 > >>.html > > > > Wow that was fast, 4 hours after I notified them of the > > problem. > > Looks correct to me. Anyone else had a look at the patch? > > I was having some trouble to apply this patch but they updated it a > couple of hours ago, which works fine now. Hey Pınar, I noticed Pardus is not yet listed on the 'How to steal hard work and patches from others' page, aka: http://oss-security.openwall.org/wiki/distro-patches If you host your patches somewhere, please add a pointer there. Also, are you managing security bugs with Bugzilla, or somewhere else where one can look up the status of an issue? Thanks, Robert Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.