[Secure-testing-team] fixed vlc packages for VideoLAN-SA-0702
Moritz Muehlenhoff
jmm at inutil.org
Thu Jun 21 18:45:12 UTC 2007
On Thu, Jun 21, 2007 at 08:22:06PM +0200, Sam Hocevar wrote:
> Dear security and testing-security teams,
>
> I have prepared sarge and etch packages for the VideoLAN-SA-0702
> advisory (found at http://www.videolan.org/sa0702.html). I took the
> liberty to fix other DoS and buffer overflow bugs in the package; if you
> are not happy with this, let me know and I will remove them. The debdiffs
> are clean and it should be quite obvious what the different patches do.
>
> Sarge is not vulnerable to the CDDA part of the advisory. Fixed
> packages are here:
> http://people.zoy.org/~sam/vlc/0.8.1.svn20050314-1sarge3/
>
> Etch is vulnerable to all holes in the advisory. Packages are here:
> http://people.zoy.org/~sam/vlc/0.8.6-svn20061012.debian-5etch1/
>
> Lenny is vulnerable to all holes in the advisory. Packages are here:
> http://people.zoy.org/~sam/vlc/0.8.6.a.debian-6lenny1/
>
> Sid is vulnerable to all holes in the advisory. The fixed packages
> will be 0.8.6.c.debian-1.

Thanks, I'll take care of an update for stable and oldstable.

Cheers,
Moritz