[ubuntu/precise-security] vlc 2.0.3-0ubuntu0.12.04.1 (Accepted)

Brian Murray brian at ubuntu.com
Thu Aug 2 21:18:03 UTC 2012

vlc (2.0.3-0ubuntu0.12.04.1) precise-security; urgency=low

  * New bug-fixing upstream release (LP: #1025713).
  * SECURITY UPDATE: Heap-based buffer overflow in the Ogg_DecodePacket function
    in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before
    2.0.2 allows remote attackers to cause a denial of service (application
    crash) and possibly execute arbitrary code via a crafted OGG file.
    - CVE-2012-3377

Date: 2012-07-24 22:35:40.396049+00:00
Changed-By: Benjamin Drung <bdrung at debian.org>
Signed-By: Brian Murray <brian at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list