Move vlc-devel to 0.9.8. This bump addresses a vulnerability in the Real Media demuxer that can allow an attacker to create a heap overflow.

CVE-2008-5276
VideoLAN-SA-0811
TKADV2008-013

A proper vulnxml submission is to follow.

Fix: Patch attached with submission follows:
The accompanying vulnxml entry can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=129356
Responsible Changed From-To: freebsd-ports-bugs->miwi

I'll take it.
I ran into issues with vlc-devel 0.9.8 where qvlc crashes on exit. As an alternative to committing an unstable version at this time, I pulled the Real Media patches from git and rolled them up for 0.9.6. This includes a small tweak that came a day or so after they rolled up 0.9.8. 0.9.8 still hasn't been announced officially yet either, so I am not comfortable with this at the moment. They skipped 0.9.7 after a failed attempt to fix the Real Media issue once already. I will follow up if I find out something else or find a fix for the crash. If you commit this patch under files/ instead, change the range on the vulnxml (ports/129356) to match our local portrevision.
VideoLAN did move to 0.9.8a and the crash I mentioned seems to be a local phenomenon. Please test and commit this instead. Also, note on vulnxml (ports/129356).
miwi        2008-12-06 23:51:51 UTC

FreeBSD ports repository

Modified files:
  multimedia/vlc-devel Makefile distinfo
Log:
  - Update to 0.9.8a

  PR:           129355
  Submitted by: maintainer
  Security:     http://www.vuxml.org/freebsd/acf80afa-c3ef-11dd-a721-0030843d3802.html

Revision  Changes    Path
1.211     +1 -1      ports/multimedia/vlc-devel/Makefile
1.55      +3 -3      ports/multimedia/vlc-devel/distinfo
State Changed From-To: open->closed

Committed. Thanks!