The Dell Mini Project

Please sync security vulnerability patches in dell-mini version of VLC from mainstream hardy

Bug #325504 reported by Nicola Ferralis
252
Affects Status Importance Assigned to Milestone
The Dell Mini Project
Confirmed
Undecided
Nicolas Valcarcel

Bug Description

Mainstream hardy-updates has a set of patches for vlc to fix several security vulnerabilities (see below, changelog). Current version in dell-mini repositories: 0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1

vlc (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.2) hardy-security; urgency=low

  * SECURITY UPDATE: multiple denials of service and arbitrary code execution
    vulnerabilities. (LP: #262705)
    - debian/patches/040_CVE-2008-3732.diff: Fix TTA integer handling. Fixes
      arbitrary code execution. Patch from upstream git.
    - debian/patches/041_CVE-2008-3794.diff: Fix MMS integer handling. Fixes
      arbitrary code execution. Patch from upstream git.
    - References:
      + http://www.videolan.org/security/sa0807.html
      + CVE-2008-3732
      + CVE-2008-3794

 -- William Grant <email address hidden> Sun, 21 Sep 2008 14:00:25 +1000

Pat McGowan (pat-mcgowan)
Changed in dell-mini:
assignee: nobody → nvalcarcel
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.