Control: severity -1 normal
Control: reassign -1 iceweasel 31.3.0esr-1
Control: retitle -1 iceweasel: broken vlc plugin version check

On 2014-12-12 01:56:46, Vincent Lefevre wrote:
> Package: browser-plugin-vlc
> Version: 2.0.6-4
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> https://www.mozilla.org/en-US/plugincheck/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=plugincheck-update
> 
> says that the VLC Web Plugin is outdated and vulnerable.
> 
> Note: about:plugins confirms that this is the Debian one
> (/usr/lib/mozilla/plugins/libvlcplugin.so).

To quote Rémi from #751940#27:

> The Mozilla foundation writes code for an alternate reality where the
> version number of the VLC NPAPI plugin and the (Lib)VLC run-time have
> identical version numbers. Indeed (Lib)VLC version 2.0.0 has security
> issues. But that says nothing of version 2.0.0 of the VLC NPAPI plugin.
>
> In other words, the bug lies within the version checks of the Mozilla
> browser.

Reassigning to iceweasel. We already have #751940 to track the version
reporting issue on the VLC NPAPI plugin side.

Cheers
-- 
Sebastian Ramacher
