Just in case you didn't spot it:
"VLC media player 0.8.6f and earlier versions suffer from security vulnerabilities in the Mozilla and ActiveX plugins, in the libpng, libid3tag, libvorbis libraries and in the Speex codec."
»
[Update] VLC media player 0.8.6h release