Your message dated Sun, 30 Mar 2008 16:47:11 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#472639: fixed in xine-lib 1.1.11.1-1
has caused the Debian Bug report #472639,
regarding xine-lib: CVE-2008-1482 multiple integer overflows
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
472639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472639
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: xine-lib
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xine-lib.

CVE-2008-1482[0]:
| Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote
| attackers to trigger heap-based buffer overflows and possibly execute
| arbitrary code via (1) a crafted .FLV file, which triggers an overflow
| in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an
| overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which
| triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE
| file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a
| crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or
| (6) a crafted .CAK file, which triggers an overflow in
| demuxers/demux_film.c.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: xine-lib
Source-Version: 1.1.11.1-1
We believe that the bug you reported is fixed in the latest version of
xine-lib, which is due to be installed in the Debian FTP archive:
libxine-dev_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine-dev_1.1.11.1-1_amd64.deb
libxine1-all-plugins_1.1.11.1-1_all.deb
to pool/main/x/xine-lib/libxine1-all-plugins_1.1.11.1-1_all.deb
libxine1-bin_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1_amd64.deb
libxine1-console_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine1-console_1.1.11.1-1_amd64.deb
libxine1-dbg_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1_amd64.deb
libxine1-doc_1.1.11.1-1_all.deb
to pool/main/x/xine-lib/libxine1-doc_1.1.11.1-1_all.deb
libxine1-ffmpeg_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1_amd64.deb
libxine1-gnome_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine1-gnome_1.1.11.1-1_amd64.deb
libxine1-misc-plugins_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1_amd64.deb
libxine1-plugins_1.1.11.1-1_all.deb
to pool/main/x/xine-lib/libxine1-plugins_1.1.11.1-1_all.deb
libxine1-x_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine1-x_1.1.11.1-1_amd64.deb
libxine1_1.1.11.1-1_amd64.deb
to pool/main/x/xine-lib/libxine1_1.1.11.1-1_amd64.deb
xine-lib_1.1.11.1-1.diff.gz
to pool/main/x/xine-lib/xine-lib_1.1.11.1-1.diff.gz
xine-lib_1.1.11.1-1.dsc
to pool/main/x/xine-lib/xine-lib_1.1.11.1-1.dsc
xine-lib_1.1.11.1.orig.tar.gz
to pool/main/x/xine-lib/xine-lib_1.1.11.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Darren Salt <[EMAIL PROTECTED]> (supplier of updated xine-lib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 30 Mar 2008 15:15:04 +0100
Source: xine-lib
Binary: libxine1-doc libxine1 libxine1-bin libxine-dev libxine1-ffmpeg
 libxine1-gnome libxine1-console libxine1-x libxine1-misc-plugins libxine1-dbg
 libxine1-plugins libxine1-all-plugins
Architecture: source all amd64
Version: 1.1.11.1-1
Distribution: unstable
Urgency: high
Maintainer: [EMAIL PROTECTED]
Changed-By: Darren Salt <[EMAIL PROTECTED]>
Description:
 libxine-dev - the xine video player library, development packages
 libxine1 - the xine video/media player library, meta-package
 libxine1-all-plugins - the xine video/media player library, meta package
 libxine1-bin - the xine video/media player library, binary files
 libxine1-console - libaa/libcaca/framebuffer/directfb related plugins for libxine1
 libxine1-dbg - debug symbols for libxine1
 libxine1-doc - the xine video player library, documentation files
 libxine1-ffmpeg - MPEG-related plugins for libxine1
 libxine1-gnome - GNOME-related plugins for libxine1
 libxine1-misc-plugins - Input, audio output and post plugins for libxine1
 libxine1-plugins - the xine video/media player library, meta package
 libxine1-x - X desktop video output plugins for libxine1
Closes: 472639
Changes:
 xine-lib (1.1.11.1-1) unstable; urgency=high
 .
   * New upstream release.
     - CVE-2008-1482: integer overflows in FLV, Qt, Real, WC3Movie, Matroska
       and FILM demuxers, allowing remote attackers to trigger heap overflows
       and possibly execute arbitrary code. (Closes: #472639)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH77LgsBKtjPGfWZ8RAqbYAKC3j1OfNk3PEHKWSBY9dh/IAJiaaQCcCPYw
MIyXgV7xb2dlzLnFdAnP0TA=
=ud38
-----END PGP SIGNATURE-----
--- End Message ---