Your message dated Mon, 14 Jan 2008 22:03:21 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#460551: fixed in xine-lib 1.1.8-3+lenny1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: xine-lib
Version: 1.0.1-1sarge5
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xine-lib.
CVE-2008-0225[0]:
| Heap-based buffer overflow in the rmff_dump_cont function in
| input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote
| attackers to execute arbitrary code via the SDP Abstract attribute,
| related to the rmff_dump_header function and related to disregarding
| the max field. NOTE: some of these details are obtained from third
| party information.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0225
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: xine-lib
Source-Version: 1.1.8-3+lenny1
We believe that the bug you reported is fixed in the latest version of
xine-lib, which is due to be installed in the Debian FTP archive:
libxine-dev_1.1.8-3+lenny1_i386.deb
to pool/main/x/xine-lib/libxine-dev_1.1.8-3+lenny1_i386.deb
libxine1-console_1.1.8-3+lenny1_i386.deb
to pool/main/x/xine-lib/libxine1-console_1.1.8-3+lenny1_i386.deb
libxine1-dbg_1.1.8-3+lenny1_i386.deb
to pool/main/x/xine-lib/libxine1-dbg_1.1.8-3+lenny1_i386.deb
libxine1-doc_1.1.8-3+lenny1_all.deb
to pool/main/x/xine-lib/libxine1-doc_1.1.8-3+lenny1_all.deb
libxine1-ffmpeg_1.1.8-3+lenny1_i386.deb
to pool/main/x/xine-lib/libxine1-ffmpeg_1.1.8-3+lenny1_i386.deb
libxine1-gnome_1.1.8-3+lenny1_i386.deb
to pool/main/x/xine-lib/libxine1-gnome_1.1.8-3+lenny1_i386.deb
libxine1-misc-plugins_1.1.8-3+lenny1_i386.deb
to pool/main/x/xine-lib/libxine1-misc-plugins_1.1.8-3+lenny1_i386.deb
libxine1-plugins_1.1.8-3+lenny1_all.deb
to pool/main/x/xine-lib/libxine1-plugins_1.1.8-3+lenny1_all.deb
libxine1-x_1.1.8-3+lenny1_i386.deb
to pool/main/x/xine-lib/libxine1-x_1.1.8-3+lenny1_i386.deb
libxine1_1.1.8-3+lenny1_i386.deb
to pool/main/x/xine-lib/libxine1_1.1.8-3+lenny1_i386.deb
xine-lib_1.1.8-3+lenny1.diff.gz
to pool/main/x/xine-lib/xine-lib_1.1.8-3+lenny1.diff.gz
xine-lib_1.1.8-3+lenny1.dsc
to pool/main/x/xine-lib/xine-lib_1.1.8-3+lenny1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated xine-lib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 13 Jan 2008 16:12:48 +0100
Source: xine-lib
Binary: libxine1-x libxine1-gnome libxine1-console libxine-dev libxine1 libxine1-dbg libxine1-plugins libxine1-doc libxine1-misc-plugins libxine1-ffmpeg
Architecture: source i386 all
Version: 1.1.8-3+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Reinhard Tartler <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
 libxine-dev - the xine video player library, development packages
 libxine1 - the xine video/media player library, binary files
 libxine1-console - libaa/libcaca/framebuffer/directfb related plugins for libxine1
 libxine1-dbg - debug symbols for libxine1
 libxine1-doc - the xine video player library, documentation files
 libxine1-ffmpeg - MPEG-related plugins for libxine1
 libxine1-gnome - GNOME-related plugins for libxine1
 libxine1-misc-plugins - Input, audio output and post plugins for libxine1
 libxine1-plugins - the xine video/media player library, meta package
 libxine1-x - X desktop video output plugins for libxine1
Closes: 460551
Changes:
 xine-lib (1.1.8-3+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by security team.
   * This update addresses the following security issue:
     - CVE-2008-0225: Heap-based buffer overflow in rmff_dump_cont function
       which allows remote attacker to execute arbitrary code via a crafted
       SDP Abstract attribute (Closes: #460551).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHijPlHYflSXNkfP8RAqeHAJ4vx5u+zjxY+wwc9C/BCBvq8vH62QCeKoWo
P/rFkOJHrFCTEaNTzBy6PjI=
=MYCa
-----END PGP SIGNATURE-----
--- End Message ---