[vlc-devel] CVE-2008-3732

Jean-Baptiste Kempf jb at videolan.org
Fri Aug 22 18:22:44 CEST 2008

On Thu, Aug 21, 2008 at 07:03:49PM +0300, Rémi Denis-Courmont wrote :
> Some asocial pirate going by the nickname of "g_" has found and published a 
> buffer overflow vulnerability in the TTA file parser a few days ago. Now, 
> there is nothing wrong with looking for vulnerabilities in VLC. But there is 
> something wrong when you go to Bugtraq and do not even contact us - *at*all* 
> (not even afterwards). Oh and the CVE guys have assigned a CVE candidate 
> number without even contacting us either...
Just to tell that I made some 0.8.6 binaries for win32 that fix this
issue. However, the version number is still 0.8.6i.

Jean-Baptiste Kempf

More information about the vlc-devel mailing list