Bug#522170: vlc: CVE-2009-1045 denial of service if web user interface is used
Christophe Mutricy
xtophe at chewa.net
Wed Apr 1 23:48:37 UTC 2009
Le Thu 02 Apr 09 à 01:26 +0200, Nico Golde a écrit :
> > This is not a security issue. Because if you have access to the html
> > interface and want to DoS vlc, you'd quicker to click on the "Close"
> > button.
>
> Isn't this interface available if vlc is used to stream and
> serves as a http server?
No.
VLC can stream over HTTP and VLC have an html interface but the 2 things
are completly separated.
The access to the html interface is controled by a .hosts file. The
.hosts distributed by upstream and debian allow only localhost to
connect to the html interface.
More detailed in
http://thread.gmane.org/gmane.comp.video.videolan.vlc.devel/55854/focus=55901
The CVE is likely to end-uo being marked as "disputed" or rejected
--
Xtophe
More information about the pkg-multimedia-maintainers
mailing list