[ubuntu/precise-updates] vlc 2.0.3-0ubuntu0.12.04.1 (Accepted)

Brian Murray brian at ubuntu.com
Thu Aug 2 21:17:09 UTC 2012


vlc (2.0.3-0ubuntu0.12.04.1) precise-security; urgency=low

  * New bug-fixing upstream release (LP: #1025713).
  * SECURITY UPDATE: Heap-based buffer overflow in the Ogg_DecodePacket function
    in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before
    2.0.2 allows remote attackers to cause a denial of service (application
    crash) and possibly execute arbitrary code via a crafted OGG file.
    - CVE-2012-3377

Date: 2012-07-24 22:35:40.396049+00:00
Changed-By: Benjamin Drung <bdrung at debian.org>
Signed-By: Brian Murray <brian at ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/vlc/2.0.3-0ubuntu0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list