Bug#522170: vlc: CVE-2009-1045 denial of service if web user interface is used
Christophe Mutricy
xtophe at chewa.net
Wed Apr 1 19:29:05 UTC 2009
tags 522170 - security
tags 522170 + fixed-upstream
severity 522170 normal
thanks
Le Wed 01 Apr 09 à 13:17 +0200, Nico Golde a écrit :
> CVE-2009-1045[0]:
> | requests/status.xml in VLC 0.9.8a allows remote attackers to cause a
> | denial of service (stack consumption and crash) via a long input
> | argument in an in_play action.
This is not a security issue. Because if you have access to the html
interface and want to DoS vlc, you'd quicker to click on the "Close"
button.
Anyway it's fixed in 0.9.9 which i am packaging atm.
--
Xtophe
More information about the pkg-multimedia-maintainers
mailing list