Your message dated Tue, 06 May 2008 21:02:09 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476990: fixed in xine-lib 1.1.10.1-2+lenny2
has caused the Debian Bug report #476990,
regarding xine-lib: CVE-2008-1878 buffer overflow in nsf decoding
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
476990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476990
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: xine-lib
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xine-lib.


CVE-2008-1878[0]:
| Stack-based buffer overflow in the demux_nsf_send_chunk 
| function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and 
| earlier allows remote attackers to cause a denial of service 
| (crash) and possibly execute arbitrary code via a long NSF 
| title.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1878
    http://security-tracker.debian.net/tracker/CVE-2008-1878

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


--- End Message ---
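The failure mode named in the CVE text above (an over-long NSF title reaching a fixed-size stack buffer) and the usual hardening, as an added example that is not xine-lib's code or the Debian patch. It assumes the public NSF header layout (128-byte header, 32-byte song-name field at offset 0x0E that need not be NUL-terminated); the function names, output format and buffer sizes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NSF_HEADER_SIZE 128   /* NSF file header length */
#define NSF_TITLE_OFF   0x0E  /* offset of the song-name field */
#define NSF_TITLE_LEN   32    /* field width; file may omit the NUL */

/* Unsafe pattern this replaces: char buf[N]; sprintf(buf, "%s ...", title)
 * with a title taken from the file and no length limit.
 * Hardened: bounded copy, explicit terminator, snprintf sized to `out`.
 * Returns 0 on success, 1 if the text was truncated, -1 on bad input. */
int nsf_format_title(const uint8_t *hdr, size_t hdr_len, int song, int total,
                     char *out, size_t outsz)
{
    char title[NSF_TITLE_LEN + 1];
    int n;

    if (!hdr || !out || outsz == 0) return -1;
    out[0] = '\0';
    if (hdr_len < NSF_HEADER_SIZE || memcmp(hdr, "NESM\x1a", 5) != 0)
        return -1;
    memcpy(title, hdr + NSF_TITLE_OFF, NSF_TITLE_LEN);
    title[NSF_TITLE_LEN] = '\0';   /* never rely on the file for this */
    n = snprintf(out, outsz, "%s, song %d/%d", title, song, total);
    if (n < 0) { out[0] = '\0'; return -1; }
    return (size_t)n >= outsz ? 1 : 0;
}

/* Constructed sample: title field filled with 32 non-NUL bytes, so a
 * strlen()-based reader would run on into the adjacent artist field. */
void make_constructed_header(uint8_t hdr[NSF_HEADER_SIZE])
{
    memset(hdr, 0, NSF_HEADER_SIZE);
    memcpy(hdr, "NESM\x1a", 5);
    hdr[6] = 3;                                  /* total songs */
    memset(hdr + NSF_TITLE_OFF, 'A', NSF_TITLE_LEN);
    memset(hdr + 0x2E, 'B', 32);                 /* artist field */
}

int main(void)
{
    uint8_t hdr[NSF_HEADER_SIZE];
    char small[16];
    make_constructed_header(hdr);
    int rc = nsf_format_title(hdr, sizeof hdr, 1, 3, small, sizeof small);
    printf("rc=%d text=\"%s\"\n", rc, small);
    return 0;
}
```

A return value of 1 tells the caller the displayed title was cut short, which is preferable to sizing the destination from attacker-controlled input.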
--- Begin Message ---
Source: xine-lib
Source-Version: 1.1.10.1-2+lenny2

We believe that the bug you reported is fixed in the latest version of
xine-lib, which is due to be installed in the Debian FTP archive:

libxine-dev_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine-dev_1.1.10.1-2+lenny2_amd64.deb
libxine1-all-plugins_1.1.10.1-2+lenny2_all.deb
  to pool/main/x/xine-lib/libxine1-all-plugins_1.1.10.1-2+lenny2_all.deb
libxine1-bin_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine1-bin_1.1.10.1-2+lenny2_amd64.deb
libxine1-console_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine1-console_1.1.10.1-2+lenny2_amd64.deb
libxine1-dbg_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine1-dbg_1.1.10.1-2+lenny2_amd64.deb
libxine1-doc_1.1.10.1-2+lenny2_all.deb
  to pool/main/x/xine-lib/libxine1-doc_1.1.10.1-2+lenny2_all.deb
libxine1-ffmpeg_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine1-ffmpeg_1.1.10.1-2+lenny2_amd64.deb
libxine1-gnome_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine1-gnome_1.1.10.1-2+lenny2_amd64.deb
libxine1-misc-plugins_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine1-misc-plugins_1.1.10.1-2+lenny2_amd64.deb
libxine1-plugins_1.1.10.1-2+lenny2_all.deb
  to pool/main/x/xine-lib/libxine1-plugins_1.1.10.1-2+lenny2_all.deb
libxine1-x_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine1-x_1.1.10.1-2+lenny2_amd64.deb
libxine1_1.1.10.1-2+lenny2_amd64.deb
  to pool/main/x/xine-lib/libxine1_1.1.10.1-2+lenny2_amd64.deb
xine-lib_1.1.10.1-2+lenny2.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.1.10.1-2+lenny2.diff.gz
xine-lib_1.1.10.1-2+lenny2.dsc
  to pool/main/x/xine-lib/xine-lib_1.1.10.1-2+lenny2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated xine-lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 04 May 2008 13:20:43 +0200
Source: xine-lib
Binary: libxine1-doc libxine1 libxine1-bin libxine-dev libxine1-ffmpeg
 libxine1-gnome libxine1-console libxine1-x libxine1-misc-plugins libxine1-dbg
 libxine1-plugins libxine1-all-plugins
Architecture: source all amd64
Version: 1.1.10.1-2+lenny2
Distribution: testing-security
Urgency: high
Maintainer: Reinhard Tartler <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 libxine-dev - the xine video player library, development packages
 libxine1   - the xine video/media player library, meta-package
 libxine1-all-plugins - the xine video/media player library, meta package
 libxine1-bin - the xine video/media player library, binary files
 libxine1-console - libaa/libcaca/framebuffer/directfb related plugins for libxine1
 libxine1-dbg - debug symbols for libxine1
 libxine1-doc - the xine video player library, documentation files
 libxine1-ffmpeg - MPEG-related plugins for libxine1
 libxine1-gnome - GNOME-related plugins for libxine1
 libxine1-misc-plugins - Input, audio output and post plugins for libxine1
 libxine1-plugins - the xine video/media player library, meta package
 libxine1-x - X desktop video output plugins for libxine1
Closes: 473057 475152 476990
Changes: 
 xine-lib (1.1.10.1-2+lenny2) testing-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * This update addresses the following security issues:
     - CVE-2008-1878: stack-based buffer overflow in nsf demuxer that
       allows execution of arbitrary code via a crafted title (Closes: #476990)
     - CVE-2008-1686: insufficient boundary checking on a header structure that
       is read from user input could lead to arbitrary code execution
       via negative values (Closes: #475152).
     - CVE-2008-0073: stack-based buffer overflow in subtitle parsing could
       lead to arbitrary code execution via a crafted subtitle
       file (Closes: #473057).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIHy9MHYflSXNkfP8RAuTSAJ9FH6spes5TmonfTOl0gOJhC3yBsACcDSuT
pUFRqyH915uFIt4x/2Glu0k=
=Uc8W
-----END PGP SIGNATURE-----



--- End Message ---
