oem-qa team mailing list archive

Thread
Date

[Bug 325504] Re: Please sync security vulnerability patches in dell-mini version of VLC from mainstream hardy

To: oem-qa@xxxxxxxxxxxxxxxxxxx
From: Pat McGowan <pat.mcgowan@xxxxxxxxxxxxx>
Date: Thu, 23 Apr 2009 20:25:54 -0000
Reply-to: Bug 325504 <325504@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: dell-mini
       Status: New => Confirmed

** Changed in: dell-mini
     Assignee: (unassigned) => Nicolas Valcárcel (nxvl) (nvalcarcel)

-- 
Please sync security vulnerability patches in dell-mini version of VLC from mainstream hardy
https://bugs.launchpad.net/bugs/325504
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: Confirmed

Bug description:
Mainstream hardy-updates has a set of patches for vlc to fix several security vulnerabilities (see below, changelog). Current version in dell-mini repositories: 0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1


vlc (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.2) hardy-security; urgency=low

  * SECURITY UPDATE: multiple denials of service and arbitrary code execution
    vulnerabilities. (LP: #262705)
    - debian/patches/040_CVE-2008-3732.diff: Fix TTA integer handling. Fixes
      arbitrary code execution. Patch from upstream git.
    - debian/patches/041_CVE-2008-3794.diff: Fix MMS integer handling. Fixes
      arbitrary code execution. Patch from upstream git.
    - References:
      + http://www.videolan.org/security/sa0807.html
      + CVE-2008-3732
      + CVE-2008-3794

 -- William Grant <wgrant@xxxxxxxxxx>  Sun, 21 Sep 2008 14:00:25 +1000