129356 – Document CVE-2008-5276 for multimedia/vlc-devel

Bug 129356 - Document CVE-2008-5276 for multimedia/vlc-devel

Summary: Document CVE-2008-5276 for multimedia/vlc-devel

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Martin Wilke

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-12-02 01:40 UTC by Joseph S. Atkinson
Modified:	2008-12-06 23:47 UTC (History)
CC List:	0 users

See Also:

Attachments
file.txt (1.37 KB, text/plain) 2008-12-02 01:40 UTC, Joseph S. Atkinson	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joseph S. Atkinson 2008-12-02 01:40:00 UTC

This is an attempt to document CVE-2008-5276 for multimedia/vlc-devel in which a specially crafted Real Media (.rm) file can potentially be used to create a heap overflow.

This is my first attempt at a vulnxml entry, so be gentle. Constructive criticism welcomed.

Fix: Patch attached with submission follows:

Comment 1 Edwin Groothuis freebsd_committer

2008-12-02 01:40:12 UTC

Class Changed
From-To: sw-bug->maintainer-update

Fix category (submitter is maintainer) (via the GNATS Auto Assign Tool)

Comment 2 Martin Wilke freebsd_committer

2008-12-02 05:32:56 UTC

Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.

Comment 3 Joseph S Atkinson 2008-12-03 21:46:51 UTC

Affected versions are now prior to:

0.9.8.a,3

Comment 4 Martin Wilke freebsd_committer

2008-12-06 23:47:41 UTC

State Changed
From-To: open->closed

documented. Thanks for your submission.