retitle 458318 "Four security issues in vlc" thanks Hi Stefan, * Stefan Fritsch <[EMAIL PROTECTED]> [2007-12-30 12:56]: > http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html > https://trac.videolan.org/vlc/ticket/1371 > > describe a security issue which allows to write to arbitrary files with > mozilla-plugin-vlc. > > > According to http://www.securityfocus.com/archive/1/485488/30/0/threaded , > there > are two more unfixed security issues in vlc: > > A] buffer-overflow in the handling of the subtitles > B] format string in the web interface
There is an additional security issue which has been fixed https://trac.videolan.org/vlc/changeset/22023 Vlc will crash because of a missing check for httpd_MsgGet returning NULL. This should be of a very low security impact. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpJdr6JIQQBJ.pgp
Description: PGP signature