Your message dated Thu, 06 Nov 2008 00:02:09 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504639: fixed in vlc 0.8.6.h-5
has caused the Debian Bug report #504639,
regarding vlc: buffer overflow in CUE support
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
504639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504639
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc-nox
Version: 0.8.6.h-4.1
Severity: grave
Tags: security
Justification: user security hole
Hello,
When parsing the header of an invalid CUE image file or an invalid
RealText subtitle file, stack-based buffer overflows might occur:
http://www.videolan.org/security/sa0810.html
(I believe the RealText problem only affects experimental)
Regards.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vlc-nox depends on:
ii liba52-0.7.4 0.7.4-11 library for decoding ATSC A/52 str
ii libasound2 1.0.16-2 ALSA library
ii libavahi-client3 0.6.23-2 Avahi client library
ii libavahi-common3 0.6.23-2 Avahi common library
ii libavc1394-0 0.5.3-1+b1 control IEEE 1394 audio/video devi
ii libavcodec51 0.svn20080206-14 ffmpeg codec library
ii libavformat52 0.svn20080206-14 ffmpeg file format library
ii libavutil49 0.svn20080206-14 ffmpeg utility library
ii libc6 2.7-15 GNU C Library: Shared libraries
ii libcdio7 0.78.2+dfsg1-3 library to read and control CD-ROM
ii libdbus-1-3 1.2.1-4 simple interprocess messaging syst
ii libdvbpsi4 0.1.5-3.1 library for MPEG TS and DVB PSI ta
ii libdvdnav4 4.1.2-3 DVD navigation library
ii libdvdread3 0.9.7-11 library for reading DVDs
ii libebml0 0.7.7-3.1 access library for the EBML format
ii libfaad0 2.6.1-3.1 freeware Advanced Audio Decoder -
ii libflac8 1.2.1-1.2 Free Lossless Audio Codec - runtim
ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib
ii libfribidi0 0.10.9-1 Free Implementation of the Unicode
ii libgcc1 1:4.3.2-1 GCC support library
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libgnutls26 2.4.2-1 the GNU TLS library - runtime libr
ii libhal1 0.5.11-6 Hardware Abstraction Layer - share
ii libid3tag0 0.15.1b-10 ID3 tag reading library from the M
ii libiso9660-5 0.78.2+dfsg1-3 library to work with ISO9660 files
ii liblircclient0 0.8.3-3 infra-red remote control support -
ii libmad0 0.15.1b-3 MPEG audio decoder library
ii libmatroska0 0.8.1-1.1 extensible open standard audio/vid
ii libmodplug0c2 1:0.8.4-2 shared libraries for mod music bas
ii libmpcdec3 1.2.2-1 Musepack (MPC) format library
ii libmpeg2-4 0.4.1-3 MPEG1 and MPEG2 video decoder libr
ii libncurses5 5.6+20081025-1 shared libraries for terminal hand
ii libogg0 1.1.3-4 Ogg Bitstream Library
ii libpng12-0 1.2.27-2 PNG library - runtime
ii libpostproc51 0.svn20080206-14 ffmpeg video postprocessing librar
ii libraw1394-8 1.3.0-4 library for direct access to IEEE
ii libsmbclient 2:3.2.4-1 shared library that allows applica
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3
ii libsysfs2 2.1.0-5 interface library to sysfs
ii libtheora0 1.0~beta3-1 The Theora Video Compression Codec
ii libtwolame0 0.3.12-1 MPEG Audio Layer 2 encoding librar
ii libvcdinfo0 0.7.23-4 library to extract information fro
ii libvlc0 0.8.6.h-4.1 multimedia player and streamer lib
ii libvorbis0a 1.2.0.dfsg-3.1 The Vorbis General Audio Compressi
ii libvorbisenc2 1.2.0.dfsg-3.1 The Vorbis General Audio Compressi
ii libxml2 2.6.32.dfsg-4 GNOME XML library
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
vlc-nox recommends no packages.
vlc-nox suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.8.6.h-5
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:
libvlc0-dev_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/libvlc0-dev_0.8.6.h-5_amd64.deb
libvlc0_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/libvlc0_0.8.6.h-5_amd64.deb
mozilla-plugin-vlc_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-5_amd64.deb
vlc-nox_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/vlc-nox_0.8.6.h-5_amd64.deb
vlc-plugin-arts_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/vlc-plugin-arts_0.8.6.h-5_amd64.deb
vlc-plugin-esd_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/vlc-plugin-esd_0.8.6.h-5_amd64.deb
vlc-plugin-ggi_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.h-5_amd64.deb
vlc-plugin-jack_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/vlc-plugin-jack_0.8.6.h-5_amd64.deb
vlc-plugin-sdl_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.h-5_amd64.deb
vlc-plugin-svgalib_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-5_amd64.deb
vlc_0.8.6.h-5.diff.gz
to pool/main/v/vlc/vlc_0.8.6.h-5.diff.gz
vlc_0.8.6.h-5.dsc
to pool/main/v/vlc/vlc_0.8.6.h-5.dsc
vlc_0.8.6.h-5_amd64.deb
to pool/main/v/vlc/vlc_0.8.6.h-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christophe Mutricy <[EMAIL PROTECTED]> (supplier of updated vlc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 05 Nov 2008 22:02:06 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-sdl
vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc
vlc-plugin-svgalib vlc-plugin-jack
Architecture: source amd64
Version: 0.8.6.h-5
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <[EMAIL PROTECTED]>
Changed-By: Christophe Mutricy <[EMAIL PROTECTED]>
Description:
libvlc0 - multimedia player and streamer library
libvlc0-dev - development files for VLC
mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
vlc - multimedia player and streamer
vlc-nox - multimedia player and streamer (without X support)
vlc-plugin-arts - aRts audio output plugin for VLC
vlc-plugin-esd - Esound audio output plugin for VLC
vlc-plugin-ggi - GGI video output plugin for VLC
vlc-plugin-glide - Glide video output plugin for VLC
vlc-plugin-jack - Jack audio plugins for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 504639
Changes:
vlc (0.8.6.h-5) unstable; urgency=high
.
* Acknowledge NMU by Nico Golde. Thanks.
* Fix buffer overflow in CUE demuxer (Closes: #504639)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkSMWYACgkQHYflSXNkfP8/1ACfY08a6ut5F4SHD3uBFpvlzKxT
1DQAn1MHVeow15+A55Mux4MWqb9eBa/m
=4xmx
-----END PGP SIGNATURE-----
--- End Message ---