Description of problem: There are two commits in upstream svn (#220 CVE-2008-3496, and #258 (unknown CVE) that need to be backported to the 5.3 uvcvideo driver. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1.create a malicious uvc camera 2.attach it to a 5.3 machine 3.attempt to use it Actual results: buffer overflows Expected results: normal operation Additional info:
#258 also requires part of #240. Without #240 it is a stack-based buffer overflow, for extra danger.
*** This bug has been marked as a duplicate of bug 470427 ***