lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 20 Aug 2019 22:04:33 +0000
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4504-1] vlc security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4504-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 20, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
CVE ID         : CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 
                 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 
                 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970

Multiple security issues were discovered in the VLC media player, which
could result in the execution of arbitrary code or denial of service if
a malformed file/stream is processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.0.8-0+deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 3.0.8-0+deb10u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vlc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1cbfoACgkQEMKTtsN8
TjahTxAAiWyxMxxc2KLdqiajI5UHFIAdakLsax2DDtTDD5KKkKMqp4BNuIfzuWSS
ffiMaCfs7Wev1HV8NarnffCxEO5SnEvE6AQ8TVZwbw4hVZ1ajA30Ycs/73aPhQsK
4IZKCxhZqSjE0bL3l41kqVVhcduauBI1SzGK3++nE6Gsljv9pxQOvwwTzZeQR+rr
Apg61rnlsW9kqerDGL8GysfSBWpSPyW3RkcWwd5j+AFQCY7TmRKRDLM7PY3Fvgjp
izF+e3WWrIl4mhJTWn4XdvFJAcoB5XKPkYUnnuq4bjCNEFdEF3MFO1gJdQMslQLe
RNfLQ1q0xLegICYlXCOt7ec/bkcgofAav3hrtkd7KdqRsguL910/2QxI6k8fX45z
ifUwzMCf5WnxR2R4M1viPdi0PnnsIouEEI21ERQRaB5Lro1xslOt8wgYexIDSQX4
IWq0J9Y6xd8TvGrCMSpRp8oshAfjVcR50O9vxCJelc7n8Pan1pOGjLXhgivUVYaY
J7e+03c3zILgp+MHCw1m6gk31ria81r0TcOxQx3DFamB6GRo8zN1cPaXhaKRC2b8
qrog0oOYcET0mPzFUHV0olzOPrM8DXPKyUkU90hqjaODMf0Zuv2jPb1YIql4CWEy
hBpqn1pMmMVHaj3BzQN6lEezoxd5gF7fwUMrKbk6xpdlLmmj6vA=
=aXUT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists