Your message dated Thu, 06 Nov 2008 00:02:05 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#504639: fixed in vlc 0.8.6.h-4+lenny2 has caused the Debian Bug report #504639, regarding vlc: buffer overflow in CUE support to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
504639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504639
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc-nox
Version: 0.8.6.h-4.1
Severity: grave
Tags: security
Justification: user security hole

Hello,

When parsing the header of an invalid CUE image file or an invalid RealText subtitle file, stack-based buffer overflows might occur:
http://www.videolan.org/security/sa0810.html

(I believe the RealText problem only affects experimental)

Regards.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.8.6.h-4+lenny2

We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2_amd64.deb
libvlc0_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/libvlc0_0.8.6.h-4+lenny2_amd64.deb
mozilla-plugin-vlc_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2_amd64.deb
vlc-nox_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-arts_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-esd_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-ggi_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-jack_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-sdl_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2_amd64.deb
vlc-plugin-svgalib_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny2_amd64.deb
vlc_0.8.6.h-4+lenny2.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny2.diff.gz
vlc_0.8.6.h-4+lenny2.dsc
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny2.dsc
vlc_0.8.6.h-4+lenny2_amd64.deb
  to pool/main/v/vlc/vlc_0.8.6.h-4+lenny2_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated vlc package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Thu, 06 Nov 2008 00:32:12 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack
Architecture: source amd64
Version: 0.8.6.h-4+lenny2
Distribution: testing-security
Urgency: high
Maintainer: Debian multimedia packages maintainers <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 504639
Changes:
 vlc (0.8.6.h-4+lenny2) testing-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix buffer overflow in CUE demuxer (No CVE id yet; Closes: #504639).
--- End Message ---

