vlc - several vulnerabilities

Several vulnerabilities have been discovered in vlc, a multimedia player
and streamer. The Common Vulnerabilities and Exposures project
identifies the following problems:

• CVE-2008-1768
  Drew Yao discovered that multiple integer overflows in the MP4 demuxer,
  Real demuxer and Cinepak codec can lead to the execution of arbitrary
  code.
• CVE-2008-1769
  Drew Yao discovered that the Cinepak codec is prone to a memory
  corruption, which can be triggered by a crafted Cinepak file.
• CVE-2008-1881
  Luigi Auriemma discovered that it is possible to execute arbitrary code
  via a long subtitle in an SSA file.
• CVE-2008-2147
  It was discovered that vlc is prone to a search path vulnerability,
  which allows local users to perform privilege escalations.
• CVE-2008-2430
  Alin Rad Pop discovered that it is possible to execute arbitrary code
  when opening a WAV file containing a large fmt chunk.
• CVE-2008-3794
  PÄąnar Yanardağ discovered that it is possible to execute arbitrary code
  when opening a crafted mmst link.
• CVE-2008-4686
  Tobias Klein discovered that it is possible to execute arbitrary code
  when opening a crafted .ty file.
• CVE-2008-5032
  Tobias Klein discovered that it is possible to execute arbitrary code
  when opening an invalid CUE image file with a crafted header.

For the oldstable distribution (etch), these problems have been fixed
in version 0.8.6-svn20061012.debian-5.1+etch3.

For the stable distribution (lenny), these problems have been fixed in
version 0.8.6.h-4+lenny2, which was already included in the lenny
release.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 0.8.6.h-5.

We recommend that you upgrade your vlc packages.