fixed in gutsy vlc (0.8.6.release.c-0ubuntu1) gutsy; urgency=low
* SECURITY UPDATE: Format string injection in multiple plugins could lead to arbitrary code execution and/or DoS. * New upstream security and bugfix release, 0.8.6c (LP: #121511). * References CVE-2007-0256 CVE-2007-3316 * debian/patches/: Remove 020_flac.diff and 030_CVE-2007-0017.diff (subsumed by new upstream release). * debian/vlc-nox.install: Add libtelx_plugin.so (fixes FTBFS). -- Daniel T Chen <[EMAIL PROTECTED]> Mon, 25 Jun 2007 01:53:37 -0400 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-0017 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-0256 ** Changed in: vlc (Ubuntu Gutsy) Status: Confirmed => Fix Released -- vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors https://bugs.launchpad.net/bugs/122207 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs