Package: vlc Severity: grave Tags: security patch Hi, vlc is vulnerable to a local privilege escalation[0]: | At startup, VLC recursively scans the modules/ and plugins/ subdirectories from | the current working directory, and tries to execute the vlc_entry__0_8_6 (or | another in other VLC versions) symbol from any file matching the | "lib*_plugin.so" pattern.
An attacker could use this to execute code by providing a crafted library file. Patch: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181 This issue doesn't have a CVE id yet, I already request one and will update this bug report if I got it. Make sure to use it on your changelog then if you close the bug. [0] https://trac.videolan.org/vlc/ticket/1578 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp9ibvdwGyF6.pgp
Description: PGP signature