VLC Arbitrary memory overwrite in the MP4 demuxer

added ubuntu-universe-sponsor for upload this fix in hardy.

now working to gutsy.

corrected version in hardy.

Did you check it builds correctly in hardy? vlc needs adjustments to build with xulrunner-1.9 in hardy. And one could also fix bug 194907 while working on it.

I'll take care of making it work with xulrunner-1.9

This bug was fixed in the package vlc - 0.8.6.release.d-0ubuntu4

---------------
vlc (0.8.6.release.d-0ubuntu4) hardy; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE:
    - debian/patches/021_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer) suffers
       from an arbitrary memory overwrite vulnerability when using crash the player
       instance.

  * References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

  [ Mario Limonciello ]
  * debian/control:
    - Build debian on libxul-dev instead of firefox-dev
  * debian/rules:
    - Use xulrunner-config rather than firefox-config (LP: #194907)

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 00:33:06 +0100

Uploaded with minor changes to the changelog.

This bug was fixed in the package vlc - 0.8.6.release.c-0ubuntu5.1

---------------
vlc (0.8.6.release.c-0ubuntu5.1) gutsy-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/031_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 01:28:37 +0100

This bug was fixed in the package vlc - 0.8.6.release-0ubuntu4.1

---------------
vlc (0.8.6.release-0ubuntu4.1) feisty-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/031_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 02:48:48 +0100

vlc (0.8.4.debian-1ubuntu6.2) dapper-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/CVE-2008-0984.dpatch (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 03:09:28 +0100

vlc (0.8.6-svn20061012.debian-1ubuntu1.2) edgy-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/CVE-2008-0984.patch (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 20:25:38 +0100