Bug#522170: vlc: CVE-2009-1045 denial of service if web user interface is used

Christophe Mutricy xtophe at chewa.net
Wed Apr 1 23:48:37 UTC 2009

Le Thu 02 Apr 09 à 01:26 +0200, Nico Golde a écrit :
> > This is not a security issue. Because if you have access to the html
> > interface and want to DoS vlc, you'd quicker to click on the "Close"
> > button.
> Isn't this interface available if vlc is used to stream and 
> serves as a http server?

VLC can stream over HTTP and VLC have an html interface but the 2 things
are completly separated.

The access to the html interface is controled by a .hosts file. The
.hosts distributed by upstream and debian allow only localhost to
connect to the html interface.

More detailed in

The CVE is likely to end-uo being marked as "disputed" or rejected


More information about the pkg-multimedia-maintainers mailing list