[www-doc] [Git][VideoLAN.org/websites][master] Update SA1901
Hugo Beauzée-Luyssen
gitlab at videolan.org
Mon Jun 24 12:18:44 CEST 2019
Hugo Beauzée-Luyssen pushed to branch master at VideoLAN organization / websites
Commits:
db2a5f5d by Hugo Beauzée-Luyssen at 2019-06-24T10:18:27Z
Update SA1901
- - - - -
1 changed file:
- www.videolan.org/security/sa1901.php
Changes:
=====================================
www.videolan.org/security/sa1901.php
=====================================
@@ -28,7 +28,6 @@ double free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively</p>
<h2>Threat mitigation</h2>
<p>Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.</p>
-<p>ASLR and DEP help reduce exposure, but may be bypassed.</p>
<h2>Workarounds</h2>
<p>The user should refrain from opening files from untrusted third parties
@@ -37,7 +36,8 @@ until the patch is applied.
</p>
<h2>Solution</h2>
-<p>VLC media player <b>3.0.7</b> addresses the issue.
+<p>VLC media player <b>3.0.7</b> addresses the issues.
+This release also fixes an important security issue that could lead to code execution when playing an AAC file.
</p>
<h2>Credits</h2>
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/db2a5f5db362e511be9dca5fbeab536407c4f1c6
--
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/db2a5f5db362e511be9dca5fbeab536407c4f1c6
You're receiving this email because of your account on code.videolan.org.
More information about the www-doc
mailing list