[vlc-devel] CVE-2008-3732
Jean-Baptiste Kempf
jb at videolan.org
Fri Aug 22 18:22:44 CEST 2008
On Thu, Aug 21, 2008 at 07:03:49PM +0300, Rémi Denis-Courmont wrote :
> Some asocial pirate going by the nickname of "g_" has found and published a
> buffer overflow vulnerability in the TTA file parser a few days ago. Now,
> there is nothing wrong with looking for vulnerabilities in VLC. But there is
> something wrong when you go to Bugtraq and do not even contact us - *at*all*
> (not even afterwards). Oh and the CVE guys have assigned a CVE candidate
> number without even contacting us either...
Just to tell that I made some 0.8.6 binaries for win32 that fix this
issue. However, the version number is still 0.8.6i.
--
Jean-Baptiste Kempf
http://www.jbkempf.com/
More information about the vlc-devel
mailing list