The VideoLAN Forums

Discussion and support for VLC media player and friends
http://forum.videolan.org/

Why wasn't there a release to fix CVE-2015-5949?

http://forum.videolan.org/viewtopic.php?f=2&t=128447

Page 1 of 1

Why wasn't there a release to fix CVE-2015-5949?

Posted: 15 Sep 2015 06:24
by pacpac
I'm using VLC Player 2.2.1. About a month ago I received a security advisory of an arbitrary pointer dereference in VLC player. Though this issue was fixed in the repo over a month ago there hasn't been a VLC Player 2.2.2 released with the fix. Also the issue is not listed on your security page. Why not?

Re: Why wasn't there a release to fix CVE-2015-5949?

Posted: 28 Sep 2015 07:40
by pacpac
Does nobody know the answer to this?

Re: Why wasn't there a release to fix CVE-2015-5949?

Posted: 14 Oct 2015 07:52
by pacpac
Hello again, hate to be a bother, but can someone answer this? Is this an issue that can be exploited if I open in VLC player a video file I downloaded?

Re: Why wasn't there a release to fix CVE-2015-5949?

Posted: 08 Dec 2015 21:00
by pacpac
So it's been over 3 months now, will no one address this?
All times are UTC+01:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/