Pardus alert 2011-99 (vlc vlc-firefox)

From:
    	       Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	       pardus-security@pardus.org.tr 
Subject:
    	       [Pardus-security]  [PLSA 2011-99] vlc: Integer Overflow 
Date:
    	       Thu, 14 Jul 2011 09:32:17 +0300
Message-ID:
    	       <201107140932.17348.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-99            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-07-14
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in vlc. 

Description
===========

CVE-2011-2194: 

Integer overflow in the XSPF playlist parser in VLC 0.8.5 through 1.1.9 
allows remote attackers to  cause  a  denial  of  service  (crash)  and 
possibly execute arbitrary code via unspecified vectors that trigger  a 
heap-based buffer overflow. 

Affected packages:

  Pardus 2009:
    vlc, all before 1.1.4-52-30
    vlc-firefox, all before 1.1.4-52

  Pardus 2011:
    vlc, all before 1.1.10-55-p11

Resolution
==========

There are update(s) for vlc,  vlc-firefox.  You  can  update  them  via 
Package Manager or with a single command from console: 

  Pardus 2009:
    pisi up vlc vlc-firefox

  Pardus 2011:
    pisi up vlc

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18346

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security

From:		Meltem Parmaksız <meltem@pardus.org.tr>
To:		pardus-security@pardus.org.tr
Subject:		[Pardus-security] [PLSA 2011-99] vlc: Integer Overflow
Date:		Thu, 14 Jul 2011 09:32:17 +0300
Message-ID:		<201107140932.17348.meltem@pardus.org.tr>