Comment 1 for bug 238873

Revision history for this message
Andrew Starr-Bochicchio (andrewsomething) wrote :

Changes between 0.8.6f and 0.8.6g
Security updates

    * Removed VLC variable settings from Mozilla and ActiveX (CVE-2007-6683, VideoLAN-SA-0804)
    * Removed loading plugins from the current directory (CVE-2008-2147, VideoLAN-SA-0805)
    * Updated libpng on Windows and Mac OS X (CVE-2008-1382)
    * Fixed libid3tag denial of service (CVE-2008-2109)
    * Fixed libvorbis vulnerabilities (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423)
    * Fixed speex insufficient boundary check (CVE-2008-1686, oCERT-2008-004)