[Secure-testing-team] fixed vlc packages for VideoLAN-SA-0702

Sam Hocevar sam at zoy.org
Thu Jun 21 18:22:06 UTC 2007


   Dear security and testing-security teams,

   I have prepared sarge and etch packages for the VideoLAN-SA-0702
advisory (found at http://www.videolan.org/sa0702.html). I took the
liberty to fix other DoS and buffer overflow bugs in the package; if you
are not happy with this, let me know and I will remove them. The debdiffs
are clean and it should be quite obvious what the different patches do.

   Sarge is not vulnerable to the CDDA part of the advisory. Fixed
packages are here:
   http://people.zoy.org/~sam/vlc/0.8.1.svn20050314-1sarge3/

   Etch is vulnerable to all holes in the advisory. Packages are here:
   http://people.zoy.org/~sam/vlc/0.8.6-svn20061012.debian-5etch1/

   Lenny is vulnerable to all holes in the advisory. Packages are here:
   http://people.zoy.org/~sam/vlc/0.8.6.a.debian-6lenny1/

   Sid is vulnerable to all holes in the advisory. The fixed packages
will be 0.8.6.c.debian-1.

Regards,
-- 
Sam.


