The multimedia/vlc port has multiple security vulnerabilities (CVE-2012-1775, CVE-2012-1776) and needs to be updated from the (very old) version it's currently at. There should also be a vuxml update for them. http://www.videolan.org/security/sa1202.html http://www.videolan.org/security/sa1201.html Fix: Update the port. How-To-Repeat: Install the port.
Responsible Changed From-To: freebsd-ports-bugs->jsa Over to maintainer (via the GNATS Auto Assign Tool)
State Changed From-To: open->closed The vlc port has been updated to 2.0.3.
Author: nox Date: Sat Sep 15 17:22:33 2012 New Revision: 304320 URL: http://svn.freebsd.org/changeset/ports/304320 Log: Add vuxml for older versions of multimedia/vlc . PR: ports/169985 Submitted by: "Anders N." <wicked@baot.se> Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Sep 15 15:32:30 2012 (r304319) +++ head/security/vuxml/vuln.xml Sat Sep 15 17:22:33 2012 (r304320) @@ -51,6 +51,36 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="62f36dfd-ff56-11e1-8821-001b2134ef46"> + <topic>vlc -- arbitrary code execution in Real RTSP and MMS support</topic> + <affects> + <package> + <name>vlc</name> + <range><lt>2.0.1,3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jean-Baptiste Kempf, on behalf of the VideoLAN project reports:</p> + <blockquote cite="http://www.videolan.org/security/sa1201.html"> + <p>If successful, a malicious third party could crash the VLC + media player process. Arbitrary code execution could be possible + on some systems.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.videolan.org/security/sa1201.html</url> + <url>http://www.videolan.org/security/sa1202.html</url> + <cvename>CVE-2012-1775</cvename> + <cvename>CVE-2012-1776</cvename> + </references> + <dates> + <discovery>2012-03-12</discovery> + <entry>2012-09-15</entry> + </dates> + </vuln> + <vuln vid="143f6932-fedb-11e1-ad4a-003067b2972c"> <topic>bacula -- Console ACL Bypass</topic> <affects> _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"