Your message dated Thu, 16 Aug 2007 19:59:44 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#429726: fixed in vlc 0.8.6-svn20061012.debian-5etch1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: vlc
Version: 0.8.6.a.debian-6
Severity: grave
Tags: security, fixed-upstream
Justification: user security hole
VLC versions in old-stable, stable and unstable are affectd by multiple
remotely triggerable format string vulnerabilities, addressed in
upstream release 0.8.6c.
http://www.videolan.org/sa0702.html
Sorry for the inconvenience,
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vlc depends on:
ii libaa1 1.4p5-32 ascii art library
ii libatk1.0-0 1.18.0-2 The ATK accessibility
toolkit
ii libc6 2.5-11 GNU C Library: Shared
libraries
ii libcaca0 0.99.beta11.debian-3 colour ASCII art library
ii libcairo2 1.4.6-1.1 The Cairo 2D vector
graphics libra
ii libcdio6 0.76-1 library to read and control
CD-ROM
ii libcucul0 0.99.beta11.debian-3 low-level Unicode character
drawin
ii libdbus-1-3 1.1.0-1 simple interprocess
messaging syst
ii libdbus-glib-1-2 0.73-2 simple interprocess
messaging syst
ii libfontconfig1 2.4.2-1.2 generic font configuration
library
ii libfreetype6 2.2.1-6 FreeType 2 font engine,
shared lib
ii libfribidi0 0.10.7-4 Free Implementation of the
Unicode
ii libgcc1 1:4.2-20070609-1 GCC support library
ii libgl1-mesa-glx [li 6.5.2-5 A free implementation of
the OpenG
ii libglib2.0-0 2.12.12-1 The GLib library of C
routines
ii libglu1-mesa [libgl 6.5.2-5 The OpenGL utility library
(GLU)
ii libgtk2.0-0 2.10.13-1 The GTK+ graphical user
interface
ii libice6 1:1.0.3-2 X11 Inter-Client Exchange
library
ii libiso9660-4 0.76-1 library to work with
ISO9660 files
ii libjpeg62 6b-13 The Independent JPEG
Group's JPEG
ii libnotify1 0.4.4-3 sends desktop notifications
to a n
ii libpango1.0-0 1.16.4-1 Layout and rendering of
internatio
ii libpng12-0 1.2.15~beta5-2 PNG library - runtime
ii libsdl-image1.2 1.2.5-3 image loading library for
Simple D
ii libsdl1.2debian 1.2.11-9 Simple DirectMedia Layer
ii libsm6 2:1.0.3-1 X11 Session Management
library
ii libstdc++6 4.2-20070609-1 The GNU Standard C++
Library v3
ii libtar 1.2.11-4 C library for manipulating
tar arc
ii libtiff4 3.8.2-7 Tag Image File Format
(TIFF) libra
ii libvcdinfo0 0.7.23-3 library to extract
information fro
ii libvlc0 0.8.6.a.debian-6 multimedia player and
streamer lib
ii libwxbase2.6-0 2.6.3.2.1.5 wxBase library (runtime) -
non-GUI
ii libwxgtk2.6-0 2.6.3.2.1.5 wxWidgets Cross-platform
C++ GUI t
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxcursor1 1:1.1.8-2 X cursor management library
ii libxext6 1:1.0.3-2 X11 miscellaneous extension
librar
ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes'
extensio
ii libxi6 1:1.0.1-4 X11 Input extension library
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension
library
ii libxosd2 2.2.14-1.3 X On-Screen Display
library - runt
ii libxrandr2 2:1.2.1-1 X11 RandR extension library
ii libxrender1 1:0.9.2-1 X Rendering Extension
client libra
ii libxv1 1:1.0.3-1 X11 Video extension library
ii libxxf86vm1 1:1.0.1-2 X11 XFree86 video mode
extension l
ii ttf-dejavu 2.17-2 Vera font family derivate
with add
ii vlc-nox 0.8.6.a.debian-6 multimedia player and
streamer (wi
ii zlib1g 1:1.2.3-15 compression library -
runtime
Versions of packages vlc recommends:
pn videolan-doc <none> (no description available)
-- no debconf information
--
RĂ©mi Denis-Courmont
http://www.remlab.net/
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.8.6-svn20061012.debian-5etch1
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:
libvlc0-dev_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_i386.deb
libvlc0_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_i386.deb
mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_i386.deb
vlc-nox_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_i386.deb
vlc-plugin-alsa_0.8.6-svn20061012.debian-5etch1_all.deb
to pool/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-5etch1_all.deb
vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_i386.deb
vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_i386.deb
vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_i386.deb
vlc-plugin-glide_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-5etch1_i386.deb
vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_i386.deb
vlc-plugin-svgalib_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-5etch1_i386.deb
vlc_0.8.6-svn20061012.debian-5etch1.diff.gz
to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1.diff.gz
vlc_0.8.6-svn20061012.debian-5etch1.dsc
to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1.dsc
vlc_0.8.6-svn20061012.debian-5etch1_i386.deb
to pool/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_i386.deb
wxvlc_0.8.6-svn20061012.debian-5etch1_all.deb
to pool/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-5etch1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <[EMAIL PROTECTED]> (supplier of updated vlc
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 20 Jun 2007 20:53:40 +0200
Source: vlc
Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide
vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts vlc-nox
vlc-plugin-svgalib libvlc0-dev
Architecture: source i386 all
Version: 0.8.6-svn20061012.debian-5etch1
Distribution: stable-security
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Changed-By: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Description:
libvlc0 - multimedia player and streamer library
libvlc0-dev - development files for VLC
mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
vlc - multimedia player and streamer
vlc-nox - multimedia player and streamer (without X support)
vlc-plugin-alsa - dummy transitional package
vlc-plugin-arts - aRts audio output plugin for VLC
vlc-plugin-esd - Esound audio output plugin for VLC
vlc-plugin-ggi - GGI video output plugin for VLC
vlc-plugin-glide - Glide video output plugin for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svgalib - SVGAlib video output plugin for VLC
wxvlc - dummy transitional package
Closes: 429726
Changes:
vlc (0.8.6-svn20061012.debian-5etch1) stable-security; urgency=high
.
* patch-formatstring-0.8.6debian-0.8.6c.diff:
+ Fix format string vulnerabilities (VideoLAN-SA-0702) (Closes: #429726).
* patch-overflows-0.8.6debian-0.8.6c.diff:
+ Fix integer and buffer overflows.
* patch-memleak-0.8.6debian-0.8.6c.diff:
* patch-missingchecks-0.8.6debian-0.8.6c.diff:
* patch-uninitialised-0.8.6debian-0.8.6c.diff:
+ Fix memory leaks, missing checks and uninitialised variables that can
lead to denials of service.
Files:
a78b0e31b43f1d6519485222254c8591 2608 graphics optional
vlc_0.8.6-svn20061012.debian-5etch1.dsc
30c18a2fdc4105606033ff6e6aeab81c 15168393 graphics optional
vlc_0.8.6-svn20061012.debian.orig.tar.gz
d3465014c27a536eb1e0e055e381e378 2376828 graphics optional
vlc_0.8.6-svn20061012.debian-5etch1.diff.gz
0100725dbe353382fae899953a44bd90 782 graphics optional
vlc-plugin-alsa_0.8.6-svn20061012.debian-5etch1_all.deb
5e3b682a006ae7aab3a2c762e7c3f5e5 774 graphics optional
wxvlc_0.8.6-svn20061012.debian-5etch1_all.deb
3ea8114ac3cef6a979c0444afad72331 1137646 graphics optional
vlc_0.8.6-svn20061012.debian-5etch1_i386.deb
325759b017bc105ebc8121d4f51f77f5 4628428 net optional
vlc-nox_0.8.6-svn20061012.debian-5etch1_i386.deb
a480bbcf93fd8b5661cf103326d447b5 957680 libs optional
libvlc0_0.8.6-svn20061012.debian-5etch1_i386.deb
953afed452ce74818b60fe123e6b39cc 20192 libdevel optional
libvlc0-dev_0.8.6-svn20061012.debian-5etch1_i386.deb
eee461e1a79b5b509dd0e3fe8d87d358 4816 graphics optional
vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_i386.deb
9f2d3b61e96095f5ea07d7541b281149 10712 graphics optional
vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_i386.deb
9e9b6a49d9c311ac9062752744df9953 5838 graphics optional
vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_i386.deb
2806e46188b5d3a86996b66adac01d19 4134 graphics optional
vlc-plugin-glide_0.8.6-svn20061012.debian-5etch1_i386.deb
847a4204b2a8e03e9ffb495ddbe09f74 4104 graphics optional
vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_i386.deb
72db66b31b1105b5e30ccbfb11be1293 36182 graphics optional
mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_i386.deb
044d220ad46949a671788d2ef6112cdc 4532 graphics optional
vlc-plugin-svgalib_0.8.6-svn20061012.debian-5etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGevX7Xm3vHE4uyloRAivcAJ4vxpCxSbZGdH45u7iSRH6bY5HpXACgh0j3
Lm7FgiFdmw6EwSDaJO+JsRw=
=fjxE
-----END PGP SIGNATURE-----
--- End Message ---
