CVE-2013-1868
Benjamin Drung
bdrung at debian.org
Wed Mar 20 20:54:30 UTC 2013
Am Mittwoch, den 20.03.2013, 13:56 +0200 schrieb Henri Salo:
> > VLC 2.0.3-5 from testing is (probably) affected and VLC 2.0.5-1 from
> > unstable is not affected.
>
> Could you submit this information to security tracker after you have verified
> it?
It's fixed in VLC 2.0.5 according to upstream.
> > > http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70
> >
> > This git commit is not the correct commit.
>
> Removed from security tracker. Do you know what is the correct commitdiff?
No. The commits between 2.0.4 and 2.0.5 needs to be checked. I found two
commits:
http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=74ff87cc141bc1b88a38ee90f95b3d935c938a56
http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=8e8b02ff1720eb46dabe2864e79d47b40a2792d5
> > I would appreciate a bug report with an attached and tested patch.
>
> I can submit a bug to BTS, but I don't have knowledge/skills to test this issue
> and currently no time to create patch for it. This is the reason I contacted you
> via email. Please note that the commitdiff-link was in the CVE-request in
> oss-security mailing list. I also prefer not to report the bug with unclear
> details.
Is there test case / file that triggers this bug?
--
Benjamin Drung
Debian & Ubuntu Developer
More information about the pkg-multimedia-maintainers
mailing list