CVE-2008-5276 RealMedia Processing Integer Overflow Vulnerability
Bug #305958 reported by
Sebastian Kemper
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| vlc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
http://
Affected Software: VLC media player < 0.9.8a
Remotely Exploitable: Yes
Locally Exploitable: No
Vendor Status: Vendor has released an updated version
For Ibex there seems to be an updated .deb (https:/
lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04
CVE References
| Changed in vlc: | |
| status: | New → Confirmed |
Revision history for this message
| Reinhard Tartler (siretart) wrote | #1 |
| Changed in vlc (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
fixed since jaunty with merging from unstable:
vlc (0.9.8a-1) experimental; urgency=low
* New upstream release
+ Fix integer overflow in Real demux (VideoLAN SA-2008-11, CVE-2008-5276)
* Enable RealRTSP access module
* Depends on libv4l-dev to add support of some webcam
* Don't rebootstrap. The packages causing troubles previously have been fixed
-- Christophe Mutricy <email address hidden> Wed, 03 Dec 2008 20:20:52 +0100