Attaching reproducer file from reporter.
881133-poc
Description: Binary data
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
Has this issue been reported to upstream?
--
Henri Salo
not seem to be very
active.
--
Henri Salo
Attached patches from upstream, which apply to 1.2.1-6. DSA should be created.
---
Henri Salo
--- src/libFLAC/stream_decoder.c.orig 2014-11-25 13:41:50.280032892 +0200
+++ src/libFLAC/stream_decoder.c 2014-11-25 13:48:39.697566936 +0200
@@ -94,7 +94,7
Have you requested a CVE already? If you want, I can verify this issue and create
the request.
---
Henri Salo
Do you still have this issue with version 2.2.2-1?
---
Henri Salo
Package: vlc
Version: 2.1.2-2
Severity: important
Tags: security, fixed-upstream
Patch available:
http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404
---
Henri Salo
=9b0414dc7f5c18ff2951175cf076779c444efd70
http://www.videolan.org/security/sa1301.html
I can submit a bug if needed. At least I can't find that file, which was changed.
---
Henri Salo
for it. This is the reason I contacted you
via email. Please note that the commitdiff-link was in the CVE-request in
oss-security mailing list. I also prefer not to report the bug with unclear
details.
---
Henri Salo
On Wed, Mar 20, 2013 at 09:54:30PM +0100, Benjamin Drung wrote:
Is there test case / file that triggers this bug?
I don't have any. You can request such from upstream if you want or I can do it.
---
Henri Salo
checked source code of
1.1.3-1squeeze6. Sorry, but I do not know what situation this issue can lead to,
but usually heap overflows should be fixed as soon as possible.
http://cwe.mitre.org/data/definitions/122.html
- Henri Salo
-- System Information:
Debian Release: 6.0.5
APT prefers stable
http://securitytracker.com/id/1027224 says:
A remote user can create a specially crafted file that, when loaded by the
target user, will trigger a heap overflow and execute arbitrary code on the
target system. The code will run with the privileges of the target user.
at all. Even kill -9 did not do anything. Could
someone verify this?
PoC-file: http://www.zeroscience.mk/codes/aimp2_evil.mp3
Best regards,
Henri Salo
Well I tried this against 1.1.3-1squeeze3 and I am not able to reproduce in
1.1.3-1squeeze5. The exploit file is in:
http://www.zeroscience.mk/codes/aimp2_evil.mp3 (OSVDB ID: 62728). We can close
this case. Thank you for noticing this.
Best regards,
Henri Salo
control
over GUI. I can give debug-information/logs if needed.
Can someone update tracker TEMP-000-57DB88? The note "obscure exploit scenario,
not reproducible" is not true in my opinion.
References:
http://osvdb.org/show/osvdb/62728
Best regards,
Henri Salo
-- System Information:
Debian Release
Could you email me a sample playlist file that crashes VLC, or do you have a URL
to one?
Best regards,
Henri Salo
I'm pretty sure closing bug #595252 will also close this bug.
So please reassign.
Regards,
Henri Menke
I installed pulseaudio and VLC is now using the pulse-backend, but it is
still not working.
I play a file with ogg123 and then tried to play a file with VLC at the
same time (I attached the log).
BTW, if I play a file with ogg123 and want to play a file with mplayer
(which uses alsa as backend)
18 matches