[Secure-testing-team] Bug#625966: libmodplug1: libmodplug <= 0.8.8.2 .abc Stack-Based Buffer Overflow

Remi Denis-Courmont remi at remlab.net
Sat May 7 12:51:39 UTC 2011


Package: libmodplug1
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole


	Hello,

As the security contact for VLC media player, this was brought to my
attention: http://www.exploit-db.com/exploits/17222/
I can confirm the bug happens, but I have no further information at
this point.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libmodplug1 depends on:
ii  libc6                         2.13-2     Embedded GNU C Library: Shared lib
ii  libgcc1                       1:4.6.0-6  GCC support library
ii  libstdc++6                    4.6.0-6    The GNU Standard C++ Library v3

libmodplug1 recommends no packages.

libmodplug1 suggests no packages.

-- no debconf information




