PublicDate: 2008-01-16 22:00:00 UTC
Candidate: CVE-2008-0295
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0295
Description:
 Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the
 Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier,
 allows user-assisted remote attackers to cause a denial of service (crash)
 or execute arbitrary code via long Session Description Protocol (SDP) data.
Ubuntu-Description:
Notes:
 jdstrand> per Debian this does not affect xine-lib, just vlc as it ships a
  really old version
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_vlc:
upstream_vlc: released (0.8.6e)
dapper_vlc: ignored (reached end-of-life)
edgy_vlc: needed (reached end-of-life)
feisty_vlc: needed (reached end-of-life)
gutsy_vlc: needed (reached end-of-life)
hardy_vlc: released (0.8.6e-0ubuntu1)
intrepid_vlc: released (0.8.6e-0ubuntu1)
jaunty_vlc: released (0.8.6e-0ubuntu1)
karmic_vlc: released (0.8.6e-0ubuntu1)
devel_vlc: released (0.8.6e-0ubuntu1)