Dear security and testing-security teams, I have prepared sarge and etch packages for the VideoLAN-SA-0702 advisory (found at http://www.videolan.org/sa0702.html). I took the liberty to fix other DoS and buffer overflow bugs in the package, if you are not happy with this let me know and I will remove them. The debdiffs are clean and it should be quite obvious what the different patches do.
Sarge is not vulnerable to the CDDA part of the advisory. Fixed packages are here: http://people.zoy.org/~sam/vlc/0.8.1.svn20050314-1sarge3/ Etch is vulnerable to all holes in the advisory. Packages are here: http://people.zoy.org/~sam/vlc/0.8.6-svn20061012.debian-5etch1/ Lenny is vulnerable to all holes in the advisory. Packages are here: http://people.zoy.org/~sam/vlc/0.8.6.a.debian-6lenny1/ Sid is vulnerable to all holes in the advisory. The fixed packages will be 0.8.6.c.debian-1. Regards, -- Sam. _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
