** Also affects: vlc (Ubuntu Artful)
   Importance: Undecided
     Assignee: Simon Quigley (tsimonq2)
       Status: In Progress

--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1693893

Title:
  Possible remote code execution related to subtitles

Status in vlc package in Ubuntu:
  In Progress
Status in vlc source package in Xenial:
  In Progress
Status in vlc source package in Zesty:
  In Progress
Status in vlc source package in Artful:
  In Progress

Bug description:
  VLC 2.2.5.1 fixes buffer overflow and out of bound read bugs related
  to subtitle decoding. A company called "Check Point" appears to have
  reported them, but they did not release any details. [1]

  At least the following 5 commits relate to these bugs: [2]

  Presumably all currently supported Ubuntu releases are affected by at
  least one bug fixed by the patches.

  By the way, there seem to be other security related commits in VLC
  that might need backporting, e.g. [3] [4]

  [1]: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
  [2]: https://github.com/videolan/vlc/search?q=checkpoint&type=Commits&utf8=%E2%9C%93
  [3]: https://github.com/videolan/vlc/search?o=desc&p=1&q=overflow&s=committer-date&type=Commits&utf8=%E2%9C%93
  [4]: https://github.com/videolan/vlc/search?o=desc&q=out+of+bound&s=committer-date&type=Commits&utf8=%E2%9C%93