[SCM] vlc/squeeze: Fix heap buffer overflow (CVE-2011-2587).
xtophe-guest at users.alioth.debian.org
xtophe-guest at users.alioth.debian.org
Fri Jul 29 22:58:32 UTC 2011
The following commit has been merged in the squeeze branch:
commit a882ff33b7a877a0c2385db587cd760edfe77c8d
Author: Benjamin Drung <bdrung at debian.org>
Date: Mon Jul 18 16:09:05 2011 +0200
Fix heap buffer overflow (CVE-2011-2587).
Signed-off-by: Christophe Mutricy <xtophe at chewa.net>
diff --git a/debian/patches/CVE-2011-2587.patch b/debian/patches/CVE-2011-2587.patch
new file mode 100644
index 0000000..fa06ebd
--- /dev/null
+++ b/debian/patches/CVE-2011-2587.patch
@@ -0,0 +1,20 @@
+From: Rémi Denis-Courmont <remi at remlab.net>
+Subject: [PATCH 1/2] real: fix heap buffer overflow (CVE-2011-2587)
+Origin: upstream, http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=3e7f0de57218f76a77f6b1759970e8740fd6ef0c
+
+---
+ modules/demux/real.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/modules/demux/real.c
++++ b/modules/demux/real.c
+@@ -841,7 +841,8 @@
+ demux_sys_t *p_sys = p_demux->p_sys;
+ block_t *p_block = tk->p_sipr_packet;
+
+- if( p_sys->i_buffer < tk->i_frame_size )
++ if( p_sys->i_buffer < tk->i_frame_size
++ || tk->i_sipr_subpacket_count >= tk->i_subpacket_h )
+ return;
+
+ if( !p_block )
diff --git a/debian/patches/series b/debian/patches/series
index 2bfa34e..4399984 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ mkv-input-validation.diff
CVE-2010-3275-CVE-2010-3276.diff
debian-changes-1.1.3-1squeeze5
CVE-2011-2194.diff
+CVE-2011-2587.patch
--
VLC media player packaging
More information about the pkg-multimedia-commits
mailing list