<vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396
Bug #1020403 reported by
Karma Dorje
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Gentoo Linux |
Unknown
|
Medium
|
|||
vlc (Debian) |
Fix Released
|
Unknown
|
|||
vlc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
New
|
Undecided
|
Unassigned |
Bug Description
It includes the following security content:
Fixed Ogg Heap buffer overflow
ogg: Fix a heap buffer overflow.
Reported by: An anonymous contributor working with the SecuriTeam Secure
Disclosure
program (http://
(cherry picked from commit 6a41b030f5b7fcb
http://
Updated taglib (CVE-2012-2396)
summary: |
- vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396 + <vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396 |
visibility: | private → public |
Changed in vlc (Debian): | |
status: | Unknown → Fix Released |
Changed in gentoo: | |
importance: | Unknown → Medium |
To post a comment you must log in.
Not much more information besides vlc-2.0.2 NEWS file:
Security:
* Fix Ogg Heap buffer overflow
and this commit: git.videolan. org/gitweb. cgi/vlc/ vlc-2.0. git/?a= commit; h=16e9e126333fb 7acb47d363366fe e3deadc8331e
http://
2.0.2 should be safe to stabilise though.