vlc: CVE-2008-0984 arbitrary code execution via crafted mp4 file

Debian Bug report logs - #467652
vlc: CVE-2008-0984 arbitrary code execution via crafted mp4 file

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Remi Denis-Courmont <rdenis@simphalempin.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: vlc: arbitrary memory overwrite in the MP4 demuxer

Date: Tue, 26 Feb 2008 19:58:13 +0200

Package: vlc
Version: 0.8.6.c-6
Severity: grave
Tags: security
Justification: user security hole


"VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
suffers from an arbitrary memory overwrite vulnerability when using
specially crafted (invalid) MP4 input files.

If successful, a malicious third party could trigger execution of
arbitrary code within the context of the VLC media player, or otherwise
crash the player instance.

Exploitation of the MP4 demuxer problem requires the user to explicitly
open a specially crafted file."

See also http://www.videolan.org/security/sa0802.html

This also affects Etch.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.2 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vlc depends on:
ii  libaa1                 1.4p5-34          ascii art library
ii  libatk1.0-0            1.20.0-1          The ATK accessibility toolkit
ii  libc6                  2.7-8             GNU C Library: Shared libraries
ii  libcaca0               0.99.beta13b-4    colour ASCII art library
ii  libcairo2              1.4.14-1          The Cairo 2D vector graphics libra
ii  libcdio7               0.78.2+dfsg1-2    library to read and control CD-ROM
ii  libcucul0              0.99.beta13b-4    low-level Unicode character drawin
ii  libdbus-1-3            1.1.4-1           simple interprocess messaging syst
ii  libdbus-glib-1-2       0.74-1            simple interprocess messaging syst
ii  libfreetype6           2.3.5-1+b1        FreeType 2 font engine, shared lib
ii  libfribidi0            0.10.9-1          Free Implementation of the Unicode
ii  libgcc1                1:4.3-20080219-1  GCC support library
ii  libgl1-mesa-glx [libgl 7.0.3~rc2-1       A free implementation of the OpenG
ii  libglib2.0-0           2.14.6-1          The GLib library of C routines
ii  libglu1-mesa [libglu1] 7.0.3~rc2-1       The OpenGL utility library (GLU)
ii  libgtk2.0-0            2.12.8-1          The GTK+ graphical user interface 
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libiso9660-5           0.78.2+dfsg1-2    library to work with ISO9660 files
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libnotify1 [libnotify1 0.4.4-3           sends desktop notifications to a n
ii  libpango1.0-0          1.18.4-1          Layout and rendering of internatio
ii  libpng12-0             1.2.15~beta5-3    PNG library - runtime
ii  libsdl-image1.2        1.2.6-3           image loading library for Simple D
ii  libsdl1.2debian        1.2.13-2          Simple DirectMedia Layer
ii  libsm6                 2:1.0.3-1+b1      X11 Session Management library
ii  libstdc++6             4.3-20080219-1    The GNU Standard C++ Library v3
ii  libtar                 1.2.11-4          C library for manipulating tar arc
ii  libtiff4               3.8.2-7           Tag Image File Format (TIFF) libra
ii  libvcdinfo0            0.7.23-4          library to extract information fro
ii  libvlc0                0.8.6.c-6         multimedia player and streamer lib
ii  libwxbase2.6-0         2.6.3.2.2-2       wxBase library (runtime) - non-GUI
ii  libwxgtk2.6-0          2.6.3.2.2-2       wxWidgets Cross-platform C++ GUI t
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxext6               1:1.0.3-2         X11 miscellaneous extension librar
ii  libxinerama1           1:1.0.2-1         X11 Xinerama extension library
ii  libxosd2               2.2.14-1.5        X On-Screen Display library - runt
ii  libxv1                 1:1.0.3-1         X11 Video extension library
ii  ttf-dejavu-core        2.23-1            Vera font family derivate with add
ii  vlc-nox                0.8.6.c-6         multimedia player and streamer (wi
ii  zlib1g                 1:1.2.3.3.dfsg-11 compression library - runtime

vlc recommends no packages.

-- no debconf information

Message #10 received at 467652@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 467652@bugs.debian.org

Subject: Re: vlc: arbitrary memory overwrite in the MP4 demuxer

Date: Tue, 26 Feb 2008 19:32:14 +0100

[Message part 1 (text/plain, inline)]

tags 467652 + patch
thanks

Hi,
a CVE id for this issue is currently pending.
The patch can is on:
http://www.videolan.org/patches/vlc-0.8.6-CORE-2008-0130.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Message #17 received at 467652@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 467652@bugs.debian.org

Subject: Re: Bug#467652: vlc: arbitrary memory overwrite in the MP4 demuxer

Date: Tue, 26 Feb 2008 20:51:21 +0100

[Message part 1 (text/plain, inline)]

retitle 467652 vlc: CVE-2008-0984 arbitrary code execution via crafted mp4 file
thanks

Hi,
use CVE-2008-0984 as the CVE id. Please mention it in the 
changelog if you fix this issue.

Kind regards
Nico

[Message part 2 (application/pgp-signature, inline)]

Message #24 received at 467652-close@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 467652-close@bugs.debian.org

Subject: Bug#467652: fixed in vlc 0.8.6.c-6+lenny1

Date: Thu, 28 Feb 2008 11:02:10 +0000

Source: vlc
Source-Version: 0.8.6.c-6+lenny1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.c-6+lenny1_i386.deb
libvlc0_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/libvlc0_0.8.6.c-6+lenny1_i386.deb
mozilla-plugin-vlc_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.c-6+lenny1_i386.deb
vlc-nox_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.c-6+lenny1_i386.deb
vlc-plugin-alsa_0.8.6.c-6+lenny1_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6.c-6+lenny1_all.deb
vlc-plugin-arts_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.c-6+lenny1_i386.deb
vlc-plugin-esd_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.c-6+lenny1_i386.deb
vlc-plugin-ggi_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.c-6+lenny1_i386.deb
vlc-plugin-glide_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.6.c-6+lenny1_i386.deb
vlc-plugin-jack_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.c-6+lenny1_i386.deb
vlc-plugin-sdl_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.c-6+lenny1_i386.deb
vlc-plugin-svgalib_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.c-6+lenny1_i386.deb
vlc_0.8.6.c-6+lenny1.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.c-6+lenny1.diff.gz
vlc_0.8.6.c-6+lenny1.dsc
  to pool/main/v/vlc/vlc_0.8.6.c-6+lenny1.dsc
vlc_0.8.6.c-6+lenny1_i386.deb
  to pool/main/v/vlc/vlc_0.8.6.c-6+lenny1_i386.deb
wxvlc_0.8.6.c-6+lenny1_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6.c-6+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 467652@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 27 Feb 2008 16:06:47 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-alsa vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib wxvlc vlc-plugin-jack
Architecture: source all i386
Version: 0.8.6.c-6+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-alsa - dummy transitional package
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 wxvlc      - dummy transitional package
Closes: 467652
Changes: 
 vlc (0.8.6.c-6+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by security team.
   * This update addresses the following security issue:
     - CVE-2008-0986: A buffer overflow in the mpeg-4 demuxer
       could lead to arbitrary code execution via a crafted
       mp4 file (sec-CVE-2008-0984.diff; Closes: #467652).
Files: 
 8513f783a180c211ebd13248f36d3ad8 2713 graphics optional vlc_0.8.6.c-6+lenny1.dsc
 e01b8c433658a618a947b6a4e6a48b91 38090 graphics optional vlc_0.8.6.c-6+lenny1.diff.gz
 64297a74fbb648fdb32022468d77b77f 802 graphics optional vlc-plugin-alsa_0.8.6.c-6+lenny1_all.deb
 14b56d6b81798bac7f9b9eb85a465143 798 graphics optional wxvlc_0.8.6.c-6+lenny1_all.deb
 a5bb48d46164eaf2fe7e2861cd03f04e 1143410 graphics optional vlc_0.8.6.c-6+lenny1_i386.deb
 e7f627f8bb19ca8d2b7765ebc0dea03b 4710562 net optional vlc-nox_0.8.6.c-6+lenny1_i386.deb
 47fb8215f4deb6a70c65cf3a39a1f79f 467142 libs optional libvlc0_0.8.6.c-6+lenny1_i386.deb
 04d74dbff9be4f70a5689a1662399b5d 511126 libdevel optional libvlc0-dev_0.8.6.c-6+lenny1_i386.deb
 c077130f787c6cd2cd39611dbe1d7de4 4822 graphics optional vlc-plugin-esd_0.8.6.c-6+lenny1_i386.deb
 e99291e359c16c79fb2c133d32592f9a 10880 graphics optional vlc-plugin-sdl_0.8.6.c-6+lenny1_i386.deb
 0c557821de817733c193dd96f89c4d33 5932 graphics optional vlc-plugin-ggi_0.8.6.c-6+lenny1_i386.deb
 7087d64190189e27e1f5afbdaf8cf850 4196 graphics optional vlc-plugin-glide_0.8.6.c-6+lenny1_i386.deb
 6addbc33cbc0376fc25f56c45027a908 4072 graphics optional vlc-plugin-arts_0.8.6.c-6+lenny1_i386.deb
 7463cec14bd5bcdb3cdc41635d4b59ed 37774 graphics optional mozilla-plugin-vlc_0.8.6.c-6+lenny1_i386.deb
 6cca05181808b8566c6daed6f00416ad 4536 graphics optional vlc-plugin-svgalib_0.8.6.c-6+lenny1_i386.deb
 cf78b623c3a0bdd23e6d9d2ce477486d 4796 graphics optional vlc-plugin-jack_0.8.6.c-6+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHxapGHYflSXNkfP8RAipMAJ9IPSd9h4dlEC4c4JQJmoEJJ8xUewCfXCL7
0WsWpKF9p5b4AmwPsujyq64=
=3iab
-----END PGP SIGNATURE-----

Message #29 received at 467652-close@bugs.debian.org (full text, mbox, reply):

From: Christophe Mutricy <xtophe@videolan.org>

To: 467652-close@bugs.debian.org

Subject: Bug#467652: fixed in vlc 0.8.6.e-1

Date: Thu, 28 Feb 2008 16:02:12 +0000

Source: vlc
Source-Version: 0.8.6.e-1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.e-1_i386.deb
libvlc0_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/libvlc0_0.8.6.e-1_i386.deb
mozilla-plugin-vlc_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.e-1_i386.deb
vlc-nox_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.e-1_i386.deb
vlc-plugin-alsa_0.8.6.e-1_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6.e-1_all.deb
vlc-plugin-arts_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.e-1_i386.deb
vlc-plugin-esd_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.e-1_i386.deb
vlc-plugin-ggi_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.e-1_i386.deb
vlc-plugin-glide_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.6.e-1_i386.deb
vlc-plugin-jack_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.e-1_i386.deb
vlc-plugin-sdl_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.e-1_i386.deb
vlc-plugin-svgalib_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.e-1_i386.deb
vlc_0.8.6.e-1.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.e-1.diff.gz
vlc_0.8.6.e-1.dsc
  to pool/main/v/vlc/vlc_0.8.6.e-1.dsc
vlc_0.8.6.e-1_i386.deb
  to pool/main/v/vlc/vlc_0.8.6.e-1_i386.deb
vlc_0.8.6.e.orig.tar.gz
  to pool/main/v/vlc/vlc_0.8.6.e.orig.tar.gz
wxvlc_0.8.6.e-1_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6.e-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 467652@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christophe Mutricy <xtophe@videolan.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 25 Feb 2008 23:35:24 +0000
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-alsa vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib wxvlc vlc-plugin-jack
Architecture: source all i386
Version: 0.8.6.e-1
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Christophe Mutricy <xtophe@videolan.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-alsa - dummy transitional package
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 wxvlc      - dummy transitional package
Closes: 404361 467652
Changes: 
 vlc (0.8.6.e-1) unstable; urgency=high
 .
   [ Christophe Mutricy ]
   * New security upstream release
     - CORE-2008-0130, VideoLAN-SA-0802, CVE-2008-0986: Arbitrary memory
       overwrite in the MP4 demuxer (Closes: #467652)
     - Others security fixes already included in the Debian package
     - Xshm detection fix (Closes: #404361)
     - Alsa 5.1 fixes
     - DTS to S/PDIF fixes
   * patches/
     - delete the uneeded sec-* patches
     - delete 100_no_wx_update.diff as the update "feature" has been removed
       upstream
 .
   [ Loic Minier ]
   * Urgency high for security bugfix.
Files: 
 5d94304e331dd86c5053444f73992b69 2699 graphics optional vlc_0.8.6.e-1.dsc
 e4b64e38b95e84a52b51dd433ba66972 16285612 graphics optional vlc_0.8.6.e.orig.tar.gz
 9ad35158c8af3ddd0ec5550a1ae2dd1e 35337 graphics optional vlc_0.8.6.e-1.diff.gz
 50f3751dcc0c775e3a267bb2043c39bc 798 graphics optional vlc-plugin-alsa_0.8.6.e-1_all.deb
 662e930519bea013709b6769f7cbd053 790 graphics optional wxvlc_0.8.6.e-1_all.deb
 24e9792e460cbefa00cb42c8d76e7c5e 1147424 graphics optional vlc_0.8.6.e-1_i386.deb
 32ace1fc868428220327e9ab5528e2f3 4829932 net optional vlc-nox_0.8.6.e-1_i386.deb
 da38894f2661a5f1519f0653bbcc8ff3 479994 libs optional libvlc0_0.8.6.e-1_i386.deb
 f008833ec10d3747ba2faf2746eef88f 510944 libdevel optional libvlc0-dev_0.8.6.e-1_i386.deb
 91dcd3f1f90961d16ecc4626d2485fca 4798 graphics optional vlc-plugin-esd_0.8.6.e-1_i386.deb
 be52cf60b46f0196683f300b3de52a77 10890 graphics optional vlc-plugin-sdl_0.8.6.e-1_i386.deb
 a7238d20c2c8472d094c81873a32e067 5926 graphics optional vlc-plugin-ggi_0.8.6.e-1_i386.deb
 2b507a54b7f600839c190d36a51bd85c 4186 graphics optional vlc-plugin-glide_0.8.6.e-1_i386.deb
 9879a969481f7f3efcd14b94a72ad47c 4068 graphics optional vlc-plugin-arts_0.8.6.e-1_i386.deb
 567509257baa9f47583a797e8d0a38cd 37838 graphics optional mozilla-plugin-vlc_0.8.6.e-1_i386.deb
 2ea52013d0a5954b82691dfcb2f2d343 4528 graphics optional vlc-plugin-svgalib_0.8.6.e-1_i386.deb
 716bf915fe466a24f8c966f533896491 4788 graphics optional vlc-plugin-jack_0.8.6.e-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHxsPv4VUX8isJIMARAsZbAKCEOG6p6MKqD23UlU9G0PpW7CIjQACfTXtM
bseLwnsYal2ZiydN54W73Q0=
=JVIZ
-----END PGP SIGNATURE-----

Message #34 received at 467652@bugs.debian.org (full text, mbox, reply):

From: Axel Beckert <beckert@phys.ethz.ch>

To: 467652@bugs.debian.org, control@bugs.debian.org

Cc: team@security.debian.org

Subject: CVE-2008-0984 (arbitrary code execution) is very likely to also affect the vlc version in Etch

Date: Tue, 4 Mar 2008 11:02:58 +0100

reopen 467652 !
found 467652 0.8.6-svn20061012.debian-5etch4
tag 467652 +etch
thanks

I have no exploit for CVE-2008-0984 available to proof that vlc in
Etch is vulnerable, but since the official patch applies to the vlc
source in Etch without problems, it is very likely that vlc in Etch is
also affected.

		Kind regards, Axel Beckert
-- 
Axel Beckert <beckert@phys.ethz.ch>       support: +41 44 633 2668
IT Support Group, HPR E 86.1              voice:   +41 44 633 4189
Departement Physik, ETH Zurich            fax:     +41 44 633 1239
CH-8093 Zurich, Switzerland		  http://nic.phys.ethz.ch/

Message #49 received at 467652@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: Axel Beckert <beckert@phys.ethz.ch>, 467652@bugs.debian.org

Subject: Re: Bug#467652: CVE-2008-0984 (arbitrary code execution) is very likely to also affect the vlc version in Etch

Date: Thu, 22 May 2008 00:54:24 +0200

[Message part 1 (text/plain, inline)]

Hi,
* Axel Beckert <beckert@phys.ethz.ch> [2008-03-04 12:57]:
> reopen 467652 !
> found 467652 0.8.6-svn20061012.debian-5etch4
> tag 467652 +etch
> thanks
> 
> I have no exploit for CVE-2008-0984 available to proof that vlc in
> Etch is vulnerable, but since the official patch applies to the vlc
> source in Etch without problems, it is very likely that vlc in Etch is
> also affected.

PoC: http://nion.modprobe.de/la.mov

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Message #54 received at 467652-done@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 467652-done@bugs.debian.org

Subject: closing

Date: Sun, 2 Nov 2008 13:18:58 +0100

[Message part 1 (text/plain, inline)]

Version: 0.8.6.e-1

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.