ports/129355: Bump multimedia/vlc-devel to 0.9.8 to address CVE-2008-5276

[Joseph S. Atkinson]

>Number:         129355
>Category:       ports
>Synopsis:       Bump multimedia/vlc-devel to 0.9.8 to address CVE-2008-5276
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 02 01:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Joseph S. Atkinson
>Release:        
>Organization:
>Environment:
>Description:
Move vlc-devel to 0.9.8.

This bump addresses a vulnerability in the Real Media demuxer that can allow an attacker to create a heap overflow.

CVE-2008-5276
VideoLAN-SA-0811
TKADV2008-013

A proper vulnxml submission is to follow.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ru vlc-devel.orig/Makefile vlc-devel/Makefile
--- vlc-devel.orig/Makefile	2008-11-15 18:38:13.000000000 -0500
+++ vlc-devel/Makefile	2008-12-01 18:06:50.000000000 -0500
@@ -9,7 +9,7 @@
 #
 
 PORTNAME=	vlc
-DISTVERSION=	0.9.6
+DISTVERSION=	0.9.8
 PORTEPOCH=	3
 CATEGORIES=	multimedia audio ipv6 net www
 MASTER_SITES=	http://download.videolan.org/pub/videolan/${PORTNAME}/${DISTVERSION}/ \
diff -ru vlc-devel.orig/distinfo vlc-devel/distinfo
--- vlc-devel.orig/distinfo	2008-11-09 11:06:10.000000000 -0500
+++ vlc-devel/distinfo	2008-12-01 18:10:37.000000000 -0500
@@ -1,3 +1,3 @@
-MD5 (vlc-0.9.6.tar.bz2) = cd71276ed867029a6d077a40bccd4d05
-SHA256 (vlc-0.9.6.tar.bz2) = ac091ba9b2e2e9aff293969b3405b145c09789e59ac0caab2247211a19e09a8a
-SIZE (vlc-0.9.6.tar.bz2) = 16981922
+MD5 (vlc-0.9.8.tar.bz2) = 37d04a166096af9c856a7f1b7326bbac
+SHA256 (vlc-0.9.8.tar.bz2) = c1e995b5aa6bd9617169d9cea6bf28436a77d206e6fff696a7336e64c81abe10
+SIZE (vlc-0.9.8.tar.bz2) = 17029733


>Release-Note:
>Audit-Trail:
>Unformatted: