ports/129355: Bump multimedia/vlc-devel to 0.9.8 to address CVE-2008-5276
Joseph S. Atkinson
jsa at wickedmachine.net
Tue Dec 2 01:20:01 UTC 2008
>Number: 129355
>Category: ports
>Synopsis: Bump multimedia/vlc-devel to 0.9.8 to address CVE-2008-5276
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 02 01:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Joseph S. Atkinson
>Release:
>Organization:
>Environment:
>Description:
Move vlc-devel to 0.9.8.
This bump addresses a vulnerability in the Real Media demuxer that can allow an attacker to create a heap overflow.
CVE-2008-5276
VideoLAN-SA-0811
TKADV2008-013
A proper vulnxml submission is to follow.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ru vlc-devel.orig/Makefile vlc-devel/Makefile
--- vlc-devel.orig/Makefile 2008-11-15 18:38:13.000000000 -0500
+++ vlc-devel/Makefile 2008-12-01 18:06:50.000000000 -0500
@@ -9,7 +9,7 @@
#
PORTNAME= vlc
-DISTVERSION= 0.9.6
+DISTVERSION= 0.9.8
PORTEPOCH= 3
CATEGORIES= multimedia audio ipv6 net www
MASTER_SITES= http://download.videolan.org/pub/videolan/${PORTNAME}/${DISTVERSION}/ \
diff -ru vlc-devel.orig/distinfo vlc-devel/distinfo
--- vlc-devel.orig/distinfo 2008-11-09 11:06:10.000000000 -0500
+++ vlc-devel/distinfo 2008-12-01 18:10:37.000000000 -0500
@@ -1,3 +1,3 @@
-MD5 (vlc-0.9.6.tar.bz2) = cd71276ed867029a6d077a40bccd4d05
-SHA256 (vlc-0.9.6.tar.bz2) = ac091ba9b2e2e9aff293969b3405b145c09789e59ac0caab2247211a19e09a8a
-SIZE (vlc-0.9.6.tar.bz2) = 16981922
+MD5 (vlc-0.9.8.tar.bz2) = 37d04a166096af9c856a7f1b7326bbac
+SHA256 (vlc-0.9.8.tar.bz2) = c1e995b5aa6bd9617169d9cea6bf28436a77d206e6fff696a7336e64c81abe10
+SIZE (vlc-0.9.8.tar.bz2) = 17029733
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list