Your message dated Fri, 15 Feb 2008 14:02:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#464696: fixed in xine-lib-1.2 1.1.90hg+20080214+db71e67bee03-1
has caused the Debian Bug report #464696,
regarding libxine1: CVE-2008-0486 buffer overflow via crafted flac file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
464696: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464696
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libxine1
Version: 1.1.10-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libxine1.
CVE-2008-0486[0]:
| Array index vulnerability in libmpdemux/demux_audio.c in MPlayer
| 1.0rc2 and SVN before r25917, and possibly earlier versions, as used
| in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary
| code via a crafted FLAC tag, which triggers a buffer overflow.
I attached a patch ported from the mplayer fix to xine-lib.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- demux_flac.c 2008-01-25 22:54:50.000000000 +0100
+++ demux_flac.c.new 2008-02-08 14:02:37.000000000 +0100
@@ -212,6 +212,8 @@
ptr += 4;
comment = (char*) ptr;
+ if(&comment[length] < comments || &comment[length] >= &comments[block_length])
+ return;
c = comment[length];
comment[length] = 0;
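Review bot: the guard on `+ if(&comment[length] < comments || &comment[length] >= &comments[block_length])` evaluates `&comment[length]` before it knows the index is in range, so with a file-supplied `length` it forms a pointer outside the block first and compares it second; pointer arithmetic that leaves the object is undefined behaviour in C and a compiler may fold such a comparison away. Compare offsets instead, keeping the `>=` because the context lines `c = comment[length]; comment[length] = 0;` touch index `length` itself, so a comment ending exactly at the block end must also be rejected, e.g. `size_t used = (size_t)(comment - (char *)comments); if (used >= block_length || (size_t)length >= block_length - used) return;`, converting `length` to unsigned first if it is a signed type (which also makes the `< comments` wraparound clause unnecessary). The bare `return` silently drops every remaining comment in the block; a debug-level log line at that point would help anyone later wondering why a file lost its tags.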
--- End Message ---
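The check the patch above adds, shown as a stand-alone walk over a FLAC VORBIS_COMMENT block. This is an added example written for this page, not xine-lib's code and not the patch itself; the function name `count_vorbis_comments`, the helpers and the two sample blocks are mine and constructed inline. It does the bounds arithmetic on offsets rather than on pointers, so no out-of-range pointer is ever formed, and it treats a length field that would run past the block as a parse failure instead of an index.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not xine-lib's code. A FLAC VORBIS_COMMENT block is a
 * 32-bit little-endian vendor-string length, the vendor string, a 32-bit
 * comment count, then per comment a 32-bit length and that many bytes.
 * The CVE-2008-0486 class of defect is indexing comment[length] with the
 * file-supplied length before checking that it fits inside the block. */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walks the block and returns how many comments have length fields that
 * stay inside [block, block + block_length). Returns -1 at the first length
 * that would run past the end, without reading any byte beyond it.
 * Invariant: off <= block_length at every check, so the subtractions below
 * cannot underflow. If a caller wants to NUL-terminate in place the way the
 * xine code does (comment[length] = 0), the test must be "len >= remaining",
 * since index len itself is then written. */
int count_vorbis_comments(const uint8_t *block, size_t block_length)
{
    size_t off = 0;

    if (block_length - off < 4)            /* room for the vendor length? */
        return -1;
    uint32_t vendor_len = rd_le32(block + off);
    off += 4;
    if (vendor_len > block_length - off)   /* vendor string must fit */
        return -1;
    off += vendor_len;

    if (block_length - off < 4)            /* room for the comment count? */
        return -1;
    uint32_t n = rd_le32(block + off);
    off += 4;

    int count = 0;
    for (uint32_t i = 0; i < n; i++) {
        if (block_length - off < 4)        /* room for this length field? */
            return -1;
        uint32_t len = rd_le32(block + off);
        off += 4;
        if (len > block_length - off)      /* the check the patch adds */
            return -1;
        /* block[off .. off + len) is now safe to inspect, e.g. for "TITLE=" */
        off += len;
        count++;
    }
    return count;
}

/* Constructed sample: vendor "v", then two well-formed comments. */
static const uint8_t good_block[] = {
    1, 0, 0, 0, 'v',
    2, 0, 0, 0,
    7, 0, 0, 0, 'T', 'I', 'T', 'L', 'E', '=', 'a',
    8, 0, 0, 0, 'A', 'R', 'T', 'I', 'S', 'T', '=', 'b',
};

/* Constructed sample: the second comment claims 0x7fffffff bytes, but the
 * block ends right after that length field. */
static const uint8_t bad_block[] = {
    1, 0, 0, 0, 'v',
    2, 0, 0, 0,
    7, 0, 0, 0, 'T', 'I', 'T', 'L', 'E', '=', 'a',
    0xff, 0xff, 0xff, 0x7f,
};

int check_good_block(void) { return count_vorbis_comments(good_block, sizeof good_block); }
int check_bad_block(void)  { return count_vorbis_comments(bad_block, sizeof bad_block); }

int main(void)
{
    printf("good block: %d comments\n", check_good_block());
    printf("bad block:  %d (rejected)\n", check_bad_block());
    return 0;
}
```

Passing `sizeof good_block - 1` instead of the full size exercises the other failure mode: a last comment whose length is honest but whose data was truncated by one byte, which the same comparison rejects.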
--- Begin Message ---
Source: xine-lib-1.2
Source-Version: 1.1.90hg+20080214+db71e67bee03-1
We believe that the bug you reported is fixed in the latest version of
xine-lib-1.2, which is due to be installed in the Debian FTP archive:
libxine-dev_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine-dev_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2-all-plugins_1.1.90hg+20080214+db71e67bee03-1_all.deb
  to pool/main/x/xine-lib-1.2/libxine2-all-plugins_1.1.90hg+20080214+db71e67bee03-1_all.deb
libxine2-bin_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2-bin_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2-console_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2-console_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2-dbg_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2-dbg_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2-doc_1.1.90hg+20080214+db71e67bee03-1_all.deb
  to pool/main/x/xine-lib-1.2/libxine2-doc_1.1.90hg+20080214+db71e67bee03-1_all.deb
libxine2-ffmpeg_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2-ffmpeg_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2-gnome_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2-gnome_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2-misc-plugins_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2-misc-plugins_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2-plugins_1.1.90hg+20080214+db71e67bee03-1_all.deb
  to pool/main/x/xine-lib-1.2/libxine2-plugins_1.1.90hg+20080214+db71e67bee03-1_all.deb
libxine2-vdr_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2-vdr_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2-x_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2-x_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
libxine2_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
  to pool/main/x/xine-lib-1.2/libxine2_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
xine-lib-1.2_1.1.90hg+20080214+db71e67bee03-1.diff.gz
  to pool/main/x/xine-lib-1.2/xine-lib-1.2_1.1.90hg+20080214+db71e67bee03-1.diff.gz
xine-lib-1.2_1.1.90hg+20080214+db71e67bee03-1.dsc
  to pool/main/x/xine-lib-1.2/xine-lib-1.2_1.1.90hg+20080214+db71e67bee03-1.dsc
xine-lib-1.2_1.1.90hg+20080214+db71e67bee03.orig.tar.gz
  to pool/main/x/xine-lib-1.2/xine-lib-1.2_1.1.90hg+20080214+db71e67bee03.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Darren Salt <[EMAIL PROTECTED]> (supplier of updated xine-lib-1.2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 14 Feb 2008 22:17:50 +0000
Source: xine-lib-1.2
Binary: libxine2-doc libxine2 libxine2-bin libxine-dev libxine2-ffmpeg
libxine2-gnome libxine2-console libxine2-vdr libxine2-x libxine2-misc-plugins
libxine2-dbg libxine2-plugins libxine2-all-plugins
Architecture: source all amd64
Version: 1.1.90hg+20080214+db71e67bee03-1
Distribution: experimental
Urgency: low
Maintainer: [EMAIL PROTECTED]
Changed-By: Darren Salt <[EMAIL PROTECTED]>
Description:
libxine-dev - the xine video player library, development packages
libxine2 - the xine media player library, meta-package (development branch)
libxine2-all-plugins - the xine video/media player library, meta package
libxine2-bin - the xine video/media player library, binary files
libxine2-console - libaa/libcaca/framebuffer/directfb related plugins for libxine2
libxine2-dbg - debug symbols for libxine2
libxine2-doc - the xine video player library, documentation files
libxine2-ffmpeg - MPEG-related plugins for libxine2
libxine2-gnome - GNOME-related plugins for libxine2
libxine2-misc-plugins - Input, audio output and post plugins for libxine2
libxine2-plugins - the xine video/media player library, meta package
libxine2-vdr - VDR-related plugins for libxine2
libxine2-x - X desktop video output plugins for libxine2
Closes: 464696
Changes:
xine-lib-1.2 (1.1.90hg+20080214+db71e67bee03-1) experimental; urgency=low
.
* 1.2.x development branch snapshot.
(cset db71e67bee037142234750a216597c7811cc7df5)
- CVE-2008-0486: Array index vulnerability which may allow remote
attackers to execute arbitrary code via a crafted FLAC tag, which
triggers a buffer overflow. (Closes: #464696)
Files:
244698d2d24b3286cc579632467f39e5 1877 libs optional
xine-lib-1.2_1.1.90hg+20080214+db71e67bee03-1.dsc
254023804c9daa906ab2720907f7c4a7 9995967 libs optional
xine-lib-1.2_1.1.90hg+20080214+db71e67bee03.orig.tar.gz
56c21f9a26f11a77db9e491c338f01ba 25995 libs optional
xine-lib-1.2_1.1.90hg+20080214+db71e67bee03-1.diff.gz
b9c1ed288f8a263ce4b676146c5f7387 136384 doc optional
libxine2-doc_1.1.90hg+20080214+db71e67bee03-1_all.deb
119594ad57a19ad42fb5463bfb0728ba 1080 libs extra
libxine2-plugins_1.1.90hg+20080214+db71e67bee03-1_all.deb
c958f1d483cffd11637030d8e6dd6f61 1092 libs extra
libxine2-all-plugins_1.1.90hg+20080214+db71e67bee03-1_all.deb
85bf40304548af58e64964225753c610 1272 libs optional
libxine2_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
2a50644faa51aa2e983b0754e4ef1118 1589378 libs optional
libxine2-bin_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
cef458966550333a62723090c949acc2 535026 libdevel optional
libxine-dev_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
eacb5c48d0a3c825cab9883a1df04923 471200 libs optional
libxine2-ffmpeg_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
48be169939fcc147ed6dfd6bccb315b3 14988 libs optional
libxine2-gnome_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
8130e4fe5b0ab0a41c680a935134f12f 59110 libs extra
libxine2-console_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
22f92ab1eaf09cbf748df041b410139f 21414 libs extra
libxine2-vdr_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
4cf625f72936abbb0328415cee6c28f7 200896 libs optional
libxine2-x_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
6fc804914366f81851a3cb2b14aba025 848002 libs optional
libxine2-misc-plugins_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
e834f874db1ca938c7c0ab00240fafce 3854316 libs extra
libxine2-dbg_1.1.90hg+20080214+db71e67bee03-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHtNctsBKtjPGfWZ8RAv8QAKCqcoXGKMNV/eEVlN20XLB2WUJBQwCgpeDK
r7Jqp3DqrRU1Oqinlf0buEY=
=w/cm
-----END PGP SIGNATURE-----
--- End Message ---