Fixes an overflow in modules/access/vcd/cdrom.c

Official announcement: http://www.videolan.org/security/sa0810.html
In depth: http://www.trapkit.de/advisories/TKADV2008-012.txt

Patch obtained from VideoLAN's git and grafted onto 0.8.6i as painlessly as possible.

The issue with RealText subtitles mentioned in VideoLAN-SA-0810 does not appear to apply to the 0.8.x branch. For the curious/doubtful/paranoid, more info on that can be found at: http://www.trapkit.de/advisories/TKADV2008-011.txt

Fix: This patch generates the new file "vlc/files/patch-modules__access__vcd__cdrom.c" and bumps PORTREVISION.

Patch attached with submission follows:

Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.

miwi 2008-11-09 16:04:24 UTC

FreeBSD ports repository

Modified files:
  multimedia/vlc Makefile
Added files:
  multimedia/vlc/files patch-modules__access__vcd__cdrom.c

Log:
Fix a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.

PR: 128660
Submitted by: "Joseph S. Atkinson" <jsa@wickedmachine.net> (maintainer)
Security: http://www.vuxml.org/freebsd/4b09378e-addb-11dd-a578-0030843d3802.html

Revision Changes Path
1.178 +1 -1 ports/multimedia/vlc/Makefile
1.1 +111 -0 ports/multimedia/vlc/files/patch-modules__access__vcd__cdrom.c (new)

State Changed
From-To: open->closed

Committed. Thanks!