Bug#467652: CVE-2008-0984 (arbitrary code execution) is very likely to also affect the vlc version in Etch
Nico Golde
nion at debian.org
Wed May 21 22:54:24 UTC 2008
Hi,
* Axel Beckert <beckert at phys.ethz.ch> [2008-03-04 12:57]:
> reopen 467652 !
> found 467652 0.8.6-svn20061012.debian-5etch1
> tag 467652 +etch
> thanks
>
> I have no exploit for CVE-2008-0984 available to proof that vlc in
> Etch is vulnerable, but since the official patch applies to the vlc
> source in Etch without problems, it is very likely that vlc in Etch is
> also affected.
PoC: http://nion.modprobe.de/la.mov
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20080522/96348ca7/attachment.pgp
More information about the pkg-multimedia-maintainers
mailing list