-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2009.0586 -- [Debian]
                       vlc: Multiple Vulnerabilities
                               19 June 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              vlc
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-5032 CVE-2008-4686 CVE-2008-3794
                      CVE-2008-2430 CVE-2008-2147 CVE-2008-1881
                      CVE-2008-1769 CVE-2008-1768

Ref:                  AA-2008.0155

Original Bulletin:    http://www.debian.org/security/2009/dsa-1819

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1819-1                  security@debian.org
http://www.debian.org/security/                         Steffen Joeris
June 18, 2009                   http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : vlc               
Vulnerability  : several vulnerabilities
Problem type   : local (remote)         
Debian-specific: no                     
CVE Ids        : CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 
                 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032 
Debian Bugs    : 478140 477805 489004 496265 503118 504639 480724        


Several vulnerabilities have been discovered in vlc, a multimedia player
and streamer. The Common Vulnerabilities and Exposures project          
identifies the following problems:                                      

CVE-2008-1768

Drew Yao discovered that multiple integer overflows in the MP4 demuxer,
Real demuxer and Cinepak codec can lead to the execution of arbitrary  
code.                                                                  

CVE-2008-1769

Drew Yao discovered that the Cinepak codec is prone to a memory
corruption, which can be triggered by a crafted Cinepak file.  

CVE-2008-1881

Luigi Auriemma discovered that it is possible to execute arbitrary code
via a long subtitle in an SSA file.

CVE-2008-2147

It was discovered that vlc is prone to a search path vulnerability,
which allows local users to perform privilege escalations.

CVE-2008-2430

Alin Rad Pop discovered that it is possible to execute arbitrary code
when opening a WAV file containing a large fmt chunk.

CVE-2008-3794

Pınar Yanardağ discovered that it is possible to execute arbitrary code
when opening a crafted mmst link.

CVE-2008-4686

Tobias Klein discovered that it is possible to execute arbitrary code
when opening a crafted .ty file.

CVE-2008-5032

Tobias Klein discovered that it is possible to execute arbitrary code
when opening an invalid CUE image file with a crafted header.


For the oldstable distribution (etch), these problems have been fixed
in version 0.8.6-svn20061012.debian-5.1+etch3.

For the stable distribution (lenny), these problems have been fixed in
version 0.8.6.h-4+lenny2, which was already included in the lenny
release.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 0.8.6.h-5.


We recommend that you upgrade your vlc packages.



Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Debian (oldstable)
- - ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian.orig.tar.gz
    Size/MD5 checksum: 15168393 30c18a2fdc4105606033ff6e6aeab81c
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3.diff.gz
    Size/MD5 checksum:  2390010 aacfe6dc712b98ae872794d9d70fe1e3
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3.dsc
    Size/MD5 checksum:     2622 bc3a4f4ee0ecd699820b478e96beecad

Architecture independent packages:

  http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-5.1+etch3_all.deb
    Size/MD5 checksum:      778 62c36d9c3fe088478b442efec17b5b7e
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-5.1+etch3_all.deb
    Size/MD5 checksum:      786 12f8c6ef696cb7c6b8b1e33b313f72f0

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:     5028 1c44834297096fe893775a5d95d1913b
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:     4444 ad948e7f91e08a0261a009a62bd2a76b
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:  1157956 da37f9efbdef57c192781d775818e042
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:    40298 3c6639b6241c035f35508ed2b41e94b7
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:  5169476 7342181513646f6562051fe843dab946
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:    13048 63b8dfc325bf011cd9ab2762ac404da8
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:    20162 9fd790aaa1a58aaa7de59ca17eec2ea9
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:  1306476 230f2731958e3d9740198c66b7a14531
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
    Size/MD5 checksum:     6942 96f9d8b30b4c66b9d81a47e3f6141b7a

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:    20226 73bbae9c7491cb8fb99ae3c9e3b34670
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:    11336 623ceac24cb2a59cbbdb96723c7feb4d
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:     6054 99babdfe76e9ce755f36add0f01750bb
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:  4667204 0304843fa1801c73ddd1b3e38cb66adf
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:   951212 9b43d2bc0cbc149000e904d4251e05a0
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:    36766 db3ee54d447f07bf7baf12dd69ebba3f
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:     4518 24bd15d1aa8f929e5e122130931a3bdd
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:     4188 9c82be723419ef7c45c28fa850d8a006
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
    Size/MD5 checksum:  1144154 67bc1eb6d916e8fa6dd6f55e283f7c08

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:     4206 41e5a43abe8480afefb61b0a539b7170
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:    20124 41ef717a928b54131f6576645fb11aae
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:     6096 431cb2ba76f85a4fc8a2e12d3f0fbb7a
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:   998448 9f638f133362b620b1a25be555774f62
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:  1262714 9aca627018c73b385c1585f67e611c85
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:    33318 b34aa4d414f141614bf8e24a2fa7d1f5
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:  4720770 6084cfde985ecc782d131d87376d5631
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:    10810 05901b3cb763c6df7512e95b21ae3057
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
    Size/MD5 checksum:     5582 089ffa3b5ab140334680b9d420f28fe2

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:     6970 9f4a68eee0c5c64b3020417d4c94a2ea
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:     7802 15eb78a9af99e4621e8e16c1db792a83
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:     5360 fd9392b53054be7cf8a875ead65b74ae
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:    46662 231785bcf877904edc5689be92765764
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:  5241886 ecf4256f3266b72398d3102d778e0c0b
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:    20090 7245b16edcd128fa86d6dbc25e9acdf3
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:    13752 5c113155b10404e94aa695346eec0437
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:  1083956 3b4c77690fbe73efe95ad664487edf3d
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
    Size/MD5 checksum:  1374550 c09d8dc3870426212a7be03c49f77be3

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:  1137756 c55814ba9192c4c2c81a983bfb3b0b4d
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:    10714 fb4d96ed4c70d57410aa1b9a3686d04c
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:     4138 f137b88a817cc34f4ce3bece8f95d0b5
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:  4652906 3321d798ec1146fea206b6e4120a0801
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:    20104 5742bd41d213b498063e8070723361cf
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:   959380 1c496575c6b3966348595a2ee9b5b822
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:    36190 82b82e147a2460780cfda4d67e27acc4
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:     4820 2bf05cc5740357c059ca66feabf406b2
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:     5842 48a4e79963b7da791c165c484fc11d76
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:     4106 71906ef569dc94bbddbec713289ef3a8
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
    Size/MD5 checksum:     4536 b02d59bd875bbd9b36c4dc54a16f1992

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:     9096 fa4b850dadb0a697004617e968851d3a
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:     5444 85afaf61e92a664c7b903031d169eb5a
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:    17178 00ac774370b4016649ad172bc84667f2
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:    49096 e07daab8ac4e5ea3427fdbadfa671aba
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:  5905658 164b7902e5e5d5f511305632b6f6a812
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:     6206 d0ae6c6462bdc873a845048ecb4fae4b
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:  1459396 ea5d66259ff182a5c343dbf490274bbe
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:    20130 3b611aaac099317e626c4b81d5ee9bc4
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
    Size/MD5 checksum:  1568890 d44cfd0dc33d34aaa3b106a79f806382

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:    12262 48790d9a97eab369ec9aa3529684f206
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:    35552 a47c2e52b8f829383addd5f7fb286c5c
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:     6846 2b36dbc841cd22299aa175a4f1e65ca8
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:     4492 4fc39c1471bca127f178856da0c8518e
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:  1113268 cfc2795f1ccaf23a35e9102345bf0c65
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:     5962 df95686291e5fc52d130b4b4e425fe45
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:    20126 4d8ef48d4fd233f1fe1bf3335022fb43
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:  1005096 ab3c1942a9fa822091cee3c76660594c
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
    Size/MD5 checksum:  4974220 6d7b51e1122a376ff6f0a04a660e9ed6

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:     5916 dc0c51da2d60b705ae3938824c0a941e
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:   922780 d81949c76c6fdf1ea138961cbe0f36be
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:     6718 5530126155e75c9ed883ac2861c79b96
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:  1005626 7fd2f06e879625a7121164353d65df6f
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:    11946 80eeb122e2bbf4c9b2e430f3513115cc
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:    34624 305feab6d4ead93fd6d76239d05732b0
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:  4668688 27f431fe153b7efee925ef04c1a9befe
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:     4480 a4684079cd594e316d62cf28e8c76adf
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
    Size/MD5 checksum:    20136 77fbce0f999345f0afdf0650a7794647

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:  1191316 b6ef4d881376ef204278456a57166236
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:     5626 cdd05580d5e1c7653d13a07167274c45
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:  1022198 8cdf75ed5cd61cf5e2ae7b297b7819e5
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:    38260 b9681d0824ead229fa9c2a42c2516017
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:     6910 d0bca6f30f15af804d044d666042d1ce
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:     7988 cfed8cf8c2c864be55373ce15e23d3f0
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:  5116308 105e08206811fe472412382a85c811e1
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:    13714 ae7ec3ac6f7d1fdfab774d54958965aa
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
    Size/MD5 checksum:    20270 d4c85cb0405292434d7537bd9e4b4494

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:     4300 eda9d5b506dd1a70ef73bb592b58c3ef
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:     6052 25aff1e5103edb5a9f734710d6b589b9
  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:    38336 08f2d6171ebb761babf664eb37ebe784
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:  1019556 478a55d6631a2fba2267a8cd3dbd19f2
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:    11412 a1e43e44ed1c20efd323adb4d48b90a6
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:  4860616 92fef2c23dccb82e00bbc7c016d4dd21
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:    20138 566c8573bef9cb08134ba1fe000b40a4
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:     6322 67e8fd4b37cb84c6e59f5de27f21eb13
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
    Size/MD5 checksum:  1172942 c30ffacd5c961e3b3f295b9e7ab175f2

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:    33310 bc7e610c4085598763e056f255429873
  http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:  4683530 04cd5bf600eca4c872cb802d767deb0a
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:    19924 4988a8da8b1e97514c747a6964f7f856
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:     5752 7584f5b967b245d7a0db7eb47fef5547
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:     4756 4526e8e7fceb344711f60ccaf3acfaa1
  http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:  1193282 76e99484e3d54569b80770a493ad2e49
  http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:   951186 2a21b9e1e6edd1d7a32a51abf3f782f3
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:     3920 ea9aff23630aa00dfcd37cb98df22408
  http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
    Size/MD5 checksum:    10404 d9ea8f6e0096234c4d9bdf9595eb5dbe


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAko6POAACgkQ62zWxYk/rQdDbgCeIdp39CeLGY7/fFQxhl2MbiZf
d3MAnAiZm53IHS7zrm8mPzJ4Q2T6eXrK
=vgRk
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFKOuBUNVH5XJJInbgRAnKDAJ4npeSBovsNdVSsUn8Oj2mviwNynwCgiuEO
wSlCm7c2OP1664cuKUgYHOQ=
=7vZw
-----END PGP SIGNATURE-----