Secure testing team - Jul 2008 - Bug#490900: vlc: new version 0.8.6i fixes CVE-2008-2430 (integer overflow in WAV demuxer)

Package: vlc
Version: 0.8.6.h-1
Severity: grave
Tags: security
Justification: user security hole

Hello,

http://wiki.videolan.org/Changelog/0.8.6i

  Security updates

      * Fixed integer overflow in WAV demuxer (CVE-2008-2430) 
  ...

Thanks for updating the package.

No?l

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc depends on:
ii  libaa1                 1.4p5-37+b1       ascii art library
ii  libatk1.0-0            1.22.0-1          The ATK accessibility toolkit
ii  libavcodec51           0.svn20080206-10  ffmpeg codec library
ii  libc6                  2.7-12            GNU C Library: Shared libraries
ii  libcaca0               0.99.beta14-1     colour ASCII art library
ii  libcairo2              1.6.4-6           The Cairo 2D vector graphics libra
ii  libcdio7               0.78.2+dfsg1-3    library to read and control CD-ROM
ii  libcucul0              0.99.beta14-1     low-level Unicode character drawin
ii  libdbus-1-3            1.2.1-2           simple interprocess messaging syst
ii  libdbus-glib-1-2       0.76-1            simple interprocess messaging syst
ii  libfreetype6           2.3.7-1           FreeType 2 font engine, shared lib
ii  libfribidi0            0.10.9-1          Free Implementation of the Unicode
ii  libgcc1                1:4.3.1-6         GCC support library
ii  libgl1-mesa-glx [libgl 7.0.3-5           A free implementation of the OpenG
ii  libglib2.0-0           2.16.4-1          The GLib library of C routines
ii  libglu1-mesa [libglu1] 7.0.3-5           The OpenGL utility library (GLU)
ii  libgtk2.0-0            2.12.11-1         The GTK+ graphical user interface 
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libiso9660-5           0.78.2+dfsg1-3    library to work with ISO9660 files
ii  libjpeg62              6b-14             The Independent JPEG
Group''s JPEG
ii  libnotify1 [libnotify1 0.4.4-3           sends desktop notifications to a n
ii  libpango1.0-0          1.20.5-1          Layout and rendering of internatio
ii  libpng12-0             1.2.27-1          PNG library - runtime
ii  libsdl-image1.2        1.2.6-3           image loading library for Simple D
ii  libsdl1.2debian        1.2.13-2          Simple DirectMedia Layer
ii  libsm6                 2:1.0.3-2         X11 Session Management library
ii  libstdc++6             4.3.1-6           The GNU Standard C++ Library v3
ii  libtar                 1.2.11-5          C library for manipulating tar arc
ii  libtiff4               3.8.2-10          Tag Image File Format (TIFF) libra
ii  libvcdinfo0            0.7.23-4          library to extract information fro
ii  libvlc0                0.8.6.h-1         multimedia player and streamer lib
ii  libwxbase2.6-0         2.6.3.2.2-2       wxBase library (runtime) - non-GUI
ii  libwxgtk2.6-0          2.6.3.2.2-2       wxWidgets Cross-platform C++ GUI t
ii  libx11-6               2:1.1.4-2         X11 client-side library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  libxinerama1           2:1.0.3-2         X11 Xinerama extension library
ii  libxosd2               2.2.14-1.5        X On-Screen Display library - runt
ii  libxv1                 2:1.0.4-1         X11 Video extension library
ii  ttf-dejavu-core        2.25-1            Vera font family derivate with add
ii  vlc-nox                0.8.6.h-1         multimedia player and streamer (wi
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

vlc recommends no packages.

-- no debconf information