diff -u vlc-0.8.6.release/debian/changelog vlc-0.8.6.release/debian/changelog --- vlc-0.8.6.release/debian/changelog +++ vlc-0.8.6.release/debian/changelog @@ -1,3 +1,17 @@ +vlc (0.8.6.release-0ubuntu4.1) feisty-security; urgency=low + + * SECURITY UPDATE: + - debian/patches/031_CVE-2008-0984.diff (LP: #195949) + + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer) suffers + from an arbitrary memory overwrite vulnerability when using crash the player + instance. + + * References + - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0984 + - http://www.videolan.org/security/sa0802.html + + -- Emanuele Gentili Wed, 27 Feb 2008 02:48:48 +0100 + vlc (0.8.6.release-0ubuntu4) feisty; urgency=low * debian/control: Revert back to building against libwxgtk2.6-dev diff -u vlc-0.8.6.release/debian/patches/series vlc-0.8.6.release/debian/patches/series --- vlc-0.8.6.release/debian/patches/series +++ vlc-0.8.6.release/debian/patches/series @@ -8,0 +9 @@ +031_CVE-2008-0984.diff only in patch2: unchanged: --- vlc-0.8.6.release.orig/debian/patches/031_CVE-2008-0984.diff +++ vlc-0.8.6.release/debian/patches/031_CVE-2008-0984.diff @@ -0,0 +1,17 @@ +Index: vlc/modules/demux/mp4/mp4.c +=================================================================== +--- vlc/modules/demux/mp4/mp4.c (revision 24943) ++++ vlc/modules/demux/mp4/mp4.c (revision 24944) +@@ -1151,6 +1151,12 @@ + for( i_chunk = p_stsc->data.p_stsc->i_first_chunk[i_index] - 1; + i_chunk < i_last; i_chunk++ ) + { ++ if( i_chunk >= p_demux_track->i_chunk_count ) ++ { ++ msg_Warn( p_demux, "corrupted chunk table" ); ++ return VLC_EGENERIC; ++ } ++ + p_demux_track->chunk[i_chunk].i_sample_description_index = + p_stsc->data.p_stsc->i_sample_description_index[i_index]; + p_demux_track->chunk[i_chunk].i_sample_count =