Insufficient validation of ID3v2 tags

Bug #616510 reported by Rémi Denis-Courmont
Affects | Status | Importance | Assigned to | Milestone
VLC media player | Fix Released | High | Unassigned |
vlc (Debian) | Fix Released | Unknown | |
vlc (Ubuntu) | Fix Released | Undecided | Unassigned |
Jaunty | Won't Fix | Undecided | Unassigned |
Karmic | Won't Fix | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |

Bug Description

Tags: patch

CVE References

visibility: private → public
Changed in vlc:
importance: Undecided → High
Changed in vlc (Ubuntu):
status: New → Confirmed
Changed in vlc:
milestone: none → 1.1.3
status: New → Fix Committed
Benjamin Drung (bdrung) wrote :

Here's the upstream patch for vlc 1.0.6.

Benjamin Drung (bdrung) wrote :

Here's my debdiff for lucid-security.

Changed in vlc (Ubuntu Lucid):
status: New → Confirmed
Benjamin Drung (bdrung) wrote :

We will fix the bug in maverick by uploading vlc 1.1.3 once it's released.

I have built the lucid-security package, upgraded it, and it still plays my videos.

Marc Deslauriers (mdeslaur) wrote :

Thanks for the debdiff Benjamin. Packages for lucid are being built now and should appear in the next day or so.

Unsubscribing ubuntu-security-sponsors since there are no more debdiffs to process.

Changed in vlc (Ubuntu Lucid):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.1.3-2ubuntu1

---------------
vlc (1.1.3-2ubuntu1) maverick; urgency=low

  * Merge from Debian experimental, remaining changes:
    - build and install the libx264 plugin

vlc (1.1.3-2) experimental; urgency=low

  [ Christophe Mutricy ]
  * Depends on xulrunner-dev >= 1.9.2
  * Activate VA-API (Closes: #587792, LP: #539406)

  [ Benjamin Drung ]
  * Switch to dh7.
  * Move libavcodec plugin from vlc-nox to vlc.
  * Add Xb-Npp header to mozilla-plugin-vlc package. (Not doing anything
    on Debian at the moment, see #484010)
  * Add apport hook to include more VLC dependencies in bug reports and
    install it on Ubuntu.

vlc (1.1.3-1) unstable; urgency=medium

  [ Benjamin Drung ]
  * New upstream release.
    + Fix insufficient input validation in TagLib plugin.
      (VideoLAN-SA-1004, CVE-2010-2937) (Closes: #592669, LP: #616510)
    + Set urgency to medium
  * 502_xulrunner_191.diff: Shorten, split into two parts, and refresh it.
  * Drop 102_dejavu_font.diff and depend on ttf-freefont instead of ttf-
    dejavu-core. ttf-freefont is very likely to be present on a Debian
    box, because cups depends on it.
  * Drop 501_decrease_alsa_buffer.diff. The pulseaudio output module has
    a higher priority than the ALSA output plugin and should be used on
    pulseaudio systems.

  [ Reinhard Tartler ]
  * add DM-Upload-Allowed field to debian/control
 -- Benjamin Drung <email address hidden> Thu, 19 Aug 2010 23:16:03 +0200

Changed in vlc (Ubuntu):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.0.6-1ubuntu1.2

---------------
vlc (1.0.6-1ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: Insufficient input validation in VLC TagLib plugin
    (LP: #616510).
    - debian/patches/CVE-2010-2937.patch: fix NULL dereferences after dynamic
      cast, thanks to Lukáš Lalinský
    - CVE-2010-2937
 -- Benjamin Drung <email address hidden> Tue, 17 Aug 2010 17:14:14 +0200

Changed in vlc (Ubuntu Lucid):
status: Fix Committed → Fix Released
Alex Valavanis (valavanisalex) wrote :

Jaunty reached end-of-life on 23 October 2010. The bug is marked as fixed in later versions of Ubuntu.

Changed in vlc (Ubuntu Jaunty):
status: New → Won't Fix
Changed in vlc:
status: Fix Committed → Fix Released
Changed in vlc (Debian):
status: Unknown → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. karmic has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against karmic is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in vlc (Ubuntu Karmic):
status: New → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
