Bug#881133: poc from reporter

Attaching reproducer file from reporter. 881133-poc Description: Binary data ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org

Bug#881133: status

Has this issue been reported to upstream? -- Henri Salo ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#778529: lame: fill_buffer_resample segmentation fault

not seem to be very active. -- Henri Salo ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#770918: patches

Attached patches from upstream, which apply to 1.2.1-6. DSA should be created. --- Henri Salo --- src/libFLAC/stream_decoder.c.orig 2014-11-25 13:41:50.280032892 +0200 +++ src/libFLAC/stream_decoder.c 2014-11-25 13:48:39.697566936 +0200 @@ -94,7 +94,7

Bug#756565: CVE

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Have you requested CVE already? If you want I can verify this issue and create the request. - --- Henri Salo -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlQOzeYACgkQXf6hBi6kbk8dlgCdFm+h5UIJ80dqKfB0oojjiQBq

Bug#425775: update

Do you still have this issue with version 2.2.2-1? --- Henri Salo signature.asc Description: Digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin

Bug#743033: vlc: CVE-2014-1684: crafted ASF file handling integer divide-by-zero DoS

Package: vlc Version: 2.1.2-2 Severity: important Tags: security, fixed-upstream Patch available: http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404 --- Henri Salo signature.asc Description: Digital signature

CVE-2013-1868

=9b0414dc7f5c18ff2951175cf076779c444efd70 http://www.videolan.org/security/sa1301.html I can submit bug if needed. At least I can't find that file, which was changed. --- Henri Salo signature.asc Description: Digital signature ___ pkg-multimedia

Re: CVE-2013-1868

for it. This is the reason I contacted you via email. Please note that the commitdiff-link was in the CVE-request in oss-security mailing list. I also prefer not to report the bug with unclear details. --- Henri Salo signature.asc Description: Digital signature

Re: CVE-2013-1868

On Wed, Mar 20, 2013 at 09:54:30PM +0100, Benjamin Drung wrote: Is there test case / file that triggers this bug? I don't have any. You can request such from upstream if you want or I can do it. --- Henri Salo signature.asc Description: Digital signature

Bug#680665: CVE-2012-3377: Ogg demuxer heap buffer overflow

checked source code of 1.1.3-1squeeze6. Sorry but I do not know, which situation this issue can lead, but usually heap overflows should be fixed as soon as possible. http://cwe.mitre.org/data/definitions/122.html - Henri Salo -- System Information: Debian Release: 6.0.5 APT prefers stable

Bug#680665: More information

http://securitytracker.com/id/1027224 says: A remote user can create a specially crafted file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Bug#616156: vlc: VLC bookmark buffer overflow

at all. Even kill -9 did not do anything. Could someone verify this? PoC-file: http://www.zeroscience.mk/codes/aimp2_evil.mp3 Best regards, Henri Salo ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http

Bug#616156: vlc: VLC bookmark buffer overflow

Well I tried this against 1.1.3-1squeeze3 and I am not able to reproduce in 1.1.3-1squeeze5. The exploit file is in: http://www.zeroscience.mk/codes/aimp2_evil.mp3 (OSVDB ID: 62728). We can close this case. Thank you for noticing this. Best regards, Henri Salo

Bug#616156: Subject: vlc: VLC bookmark buffer overflow

control over GUI. I can give debug-information/logs if needed. Can someone update tracker TEMP-000-57DB88? Note obscure exploit scenario, not reproducible is not true in my opinion. References: http://osvdb.org/show/osvdb/62728 Best regards, Henri Salo -- System Information: Debian Release

Bug#612507: [vlc] vlc segfaults when opening an internet playlist

Could you email me sample playlist-file, which crashes VLC or do you have URL to one? Best regards, Henri Salo ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman

Bug#600496: This bug is releated to bug 595252

I'm pretty sure closing bug #595252 will also close this bug. So please reassign. Regards, Henri Menke ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo

Bug#600496: vlc: VLC seems to lock all alsa devices

I installed pulseaudio and VLC is now using the pulse-backend, but it is still not working. I play a file with ogg123 and then tried to play a file with VLC at the same time (I attached the log). BTW, if I play a file with ogg123 and want to play a file with mplayer (which uses alsa as backend)