[Frugalware-darcs] homepage-ng: FSA210-vlc

voroskoi voroskoi at frugalware.org
Sun Jul 1 10:41:09 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070701084007-dd049-3a7da89adf1ebb1bbbc97b884d163429b642eb3c.gz;

[FSA210-vlc
voroskoi <voroskoi at frugalware.org>**20070701084007] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>210</id>
+		<date>2007-07-01</date>
+		<author>voroskoi</author>
+		<package>vlc</package>
+		<vulnerable>0.8.6-3</vulnerable>
+		<unaffected>0.8.6-4terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2182</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3316</cve>
+		<desc>Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
+			The vulnerabilities are caused due to format string errors in the Ogg/Vorbis, Ogg/Theora, CDDA (CD Digital Audio), and SAP (Service Announce Protocol) plugins. These can be exploited to execute arbitrary code via a specially crafted .ogg or .ogm file (Vorbis/Theora), CDDB entry, or SAP/SDP message.</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list