Bug 129356

Summary: Document CVE-2008-5276 for multimedia/vlc-devel
Product: Ports & Packages Reporter: Joseph S. Atkinson <jsa>
Component: Individual Port(s)Assignee: Martin Wilke <miwi>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.txt none

Description Joseph S. Atkinson 2008-12-02 01:40:00 UTC 
This is an attempt to document CVE-2008-5276 for multimedia/vlc-devel in which a specially crafted Real Media (.rm) file can potentially be used to create a heap overflow.

This is my first attempt at a vulnxml entry, so be gentle. Constructive criticism welcomed.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-12-02 01:40:12 UTC 
Class Changed
From-To: sw-bug->maintainer-update

Fix category (submitter is maintainer) (via the GNATS Auto Assign Tool)
Comment 2 Martin Wilke freebsd_committer freebsd_triage 2008-12-02 05:32:56 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 3 Joseph S Atkinson 2008-12-03 21:46:51 UTC 
Affected versions are now prior to:

0.9.8.a,3
Comment 4 Martin Wilke freebsd_committer freebsd_triage 2008-12-06 23:47:41 UTC 
State Changed
From-To: open->closed

documented. Thanks for your submission.