[www-doc] [Git][VideoLAN.org/websites][master] Update SA1901

Hugo Beauzée-Luyssen gitlab at videolan.org
Mon Jun 24 12:18:44 CEST 2019



Hugo Beauzée-Luyssen pushed to branch master at VideoLAN organization / websites


Commits:
db2a5f5d by Hugo Beauzée-Luyssen at 2019-06-24T10:18:27Z
Update SA1901

- - - - -


1 changed file:

- www.videolan.org/security/sa1901.php


Changes:

=====================================
www.videolan.org/security/sa1901.php
=====================================
@@ -28,7 +28,6 @@ double free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively</p>
 
 <h2>Threat mitigation</h2>
 <p>Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.</p>
-<p>ASLR and DEP help reduce exposure, but may be bypassed.</p>
 
 <h2>Workarounds</h2>
 <p>The user should refrain from opening files from untrusted third parties
@@ -37,7 +36,8 @@ until the patch is applied.
 </p>
 
 <h2>Solution</h2>
-<p>VLC media player <b>3.0.7</b> addresses the issue.
+<p>VLC media player <b>3.0.7</b> addresses the issues.
+This release also fixes an important security issue that could lead to code execution when playing an AAC file.
 </p>
 
 <h2>Credits</h2>



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/db2a5f5db362e511be9dca5fbeab536407c4f1c6

-- 
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/db2a5f5db362e511be9dca5fbeab536407c4f1c6
You're receiving this email because of your account on code.videolan.org.



More information about the www-doc mailing list