ports/154451: [PATCH] multimedia/vlc: fix execution of arbitrary code [feature safe]

Ruslan Mahmatkhanov cvs-src at yandex.ru
Tue Feb 1 20:40:10 UTC 2011 

>Number:         154451
>Category:       ports
>Synopsis:       [PATCH] multimedia/vlc: fix execution of arbitrary code [feature safe]
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 01 20:40:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Ruslan Mahmatkhanov
>Release:        8.2-PRERELEASE
>Organization:
>Environment:
8.2-PRERELEASE i386
>Description:
- advisory: http://www.videolan.org/security/sa1102.html
- patch is from there: http://git.videolan.org/?p=vlc.git;a=commit;h=59491dcedffbf97612d2c572943b56ee4289dd07
- bump PORTREVISION, because matroska is enabled by default
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruNa vlc.orig/Makefile vlc/Makefile
--- vlc.orig/Makefile	2011-01-30 03:04:10.000000000 +0300
+++ vlc/Makefile	2011-02-01 23:33:07.000000000 +0300
@@ -8,6 +8,7 @@
 PORTNAME=	vlc
 DISTVERSION=	1.1.6
 PORTEPOCH=	3
+PORTREVISION=	1
 CATEGORIES=	multimedia audio ipv6 net www
 MASTER_SITES=	http://download.videolan.org/pub/videolan/${PORTNAME}/${DISTVERSION}/ \
 		http://ftp.snt.utwente.nl/pub/software/videolan/${PORTNAME}/${DISTVERSION}/ \
diff -ruNa vlc.orig/files/patch-modules-demux-mkv_mkv.hpp vlc/files/patch-modules-demux-mkv_mkv.hpp
--- vlc.orig/files/patch-modules-demux-mkv_mkv.hpp	1970-01-01 03:00:00.000000000 +0300
+++ vlc/files/patch-modules-demux-mkv_mkv.hpp	2011-02-01 23:30:00.000000000 +0300
@@ -0,0 +1,13 @@
+diff --git a/modules/demux/mkv/mkv.hpp b/modules/demux/mkv/mkv.hpp
+index f0e87c6..664cafa 100644
+--- a/modules/demux/mkv/mkv.hpp
++++ b/modules/demux/mkv/mkv.hpp
+@@ -115,7 +115,7 @@ extern "C" {
+ 
+ #define MKVD_TIMECODESCALE 1000000
+ 
+-#define MKV_IS_ID( el, C ) ( EbmlId( (*el) ) == C::ClassInfos.GlobalId )
++#define MKV_IS_ID( el, C ) ( el != NULL && typeid( *el ) == typeid( C ) )
+ 
+ 
+ using namespace LIBMATROSKA_NAMESPACE;


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list