Your message dated Sun, 09 Nov 2008 21:02:48 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#504639: fixed in vlc 0.9.6-1 has caused the Debian Bug report #504639, regarding vlc: buffer overflow in CUE support to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
504639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504639
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc-nox
Version: 0.8.6.h-4.1
Severity: grave
Tags: security
Justification: user security hole

Hello,

When parsing the header of an invalid CUE image file or an invalid RealText subtitle file, stack-based buffer overflows might occur:
http://www.videolan.org/security/sa0810.html

(I believe the RealText problem only affects experimental)

Regards.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4  0.7.4-11  library for decoding ATSC A/52 str
ii  libasound2  1.0.16-2  ALSA library
ii  libavahi-client3  0.6.23-2  Avahi client library
ii  libavahi-common3  0.6.23-2  Avahi common library
ii  libavc1394-0  0.5.3-1+b1  control IEEE 1394 audio/video devi
ii  libavcodec51  0.svn20080206-14  ffmpeg codec library
ii  libavformat52  0.svn20080206-14  ffmpeg file format library
ii  libavutil49  0.svn20080206-14  ffmpeg utility library
ii  libc6  2.7-15  GNU C Library: Shared libraries
ii  libcdio7  0.78.2+dfsg1-3  library to read and control CD-ROM
ii  libdbus-1-3  1.2.1-4  simple interprocess messaging syst
ii  libdvbpsi4  0.1.5-3.1  library for MPEG TS and DVB PSI ta
ii  libdvdnav4  4.1.2-3  DVD navigation library
ii  libdvdread3  0.9.7-11  library for reading DVDs
ii  libebml0  0.7.7-3.1  access library for the EBML format
ii  libfaad0  2.6.1-3.1  freeware Advanced Audio Decoder -
ii  libflac8  1.2.1-1.2  Free Lossless Audio Codec - runtim
ii  libfreetype6  2.3.7-2  FreeType 2 font engine, shared lib
ii  libfribidi0  0.10.9-1  Free Implementation of the Unicode
ii  libgcc1  1:4.3.2-1  GCC support library
ii  libgcrypt11  1.4.1-1  LGPL Crypto library - runtime libr
ii  libgnutls26  2.4.2-1  the GNU TLS library - runtime libr
ii  libhal1  0.5.11-6  Hardware Abstraction Layer - share
ii  libid3tag0  0.15.1b-10  ID3 tag reading library from the M
ii  libiso9660-5  0.78.2+dfsg1-3  library to work with ISO9660 files
ii  liblircclient0  0.8.3-3  infra-red remote control support -
ii  libmad0  0.15.1b-3  MPEG audio decoder library
ii  libmatroska0  0.8.1-1.1  extensible open standard audio/vid
ii  libmodplug0c2  1:0.8.4-2  shared libraries for mod music bas
ii  libmpcdec3  1.2.2-1  Musepack (MPC) format library
ii  libmpeg2-4  0.4.1-3  MPEG1 and MPEG2 video decoder libr
ii  libncurses5  5.6+20081025-1  shared libraries for terminal hand
ii  libogg0  1.1.3-4  Ogg Bitstream Library
ii  libpng12-0  1.2.27-2  PNG library - runtime
ii  libpostproc51  0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8  1.3.0-4  library for direct access to IEEE
ii  libsmbclient  2:3.2.4-1  shared library that allows applica
ii  libspeex1  1.2~rc1-1  The Speex codec runtime library
ii  libstdc++6  4.3.2-1  The GNU Standard C++ Library v3
ii  libsysfs2  2.1.0-5  interface library to sysfs
ii  libtheora0  1.0~beta3-1  The Theora Video Compression Codec
ii  libtwolame0  0.3.12-1  MPEG Audio Layer 2 encoding librar
ii  libvcdinfo0  0.7.23-4  library to extract information fro
ii  libvlc0  0.8.6.h-4.1  multimedia player and streamer lib
ii  libvorbis0a  1.2.0.dfsg-3.1  The Vorbis General Audio Compressi
ii  libvorbisenc2  1.2.0.dfsg-3.1  The Vorbis General Audio Compressi
ii  libxml2  2.6.32.dfsg-4  GNOME XML library
ii  zlib1g  1:1.2.3.3.dfsg-12  compression library - runtime

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.9.6-1

We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive:

libvlc-dev_0.9.6-1_i386.deb
  to pool/main/v/vlc/libvlc-dev_0.9.6-1_i386.deb
libvlc2_0.9.6-1_i386.deb
  to pool/main/v/vlc/libvlc2_0.9.6-1_i386.deb
libvlccore-dev_0.9.6-1_i386.deb
  to pool/main/v/vlc/libvlccore-dev_0.9.6-1_i386.deb
libvlccore0_0.9.6-1_i386.deb
  to pool/main/v/vlc/libvlccore0_0.9.6-1_i386.deb
mozilla-plugin-vlc_0.9.6-1_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.9.6-1_i386.deb
vlc-data_0.9.6-1_all.deb
  to pool/main/v/vlc/vlc-data_0.9.6-1_all.deb
vlc-dbg_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-dbg_0.9.6-1_i386.deb
vlc-nox_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-nox_0.9.6-1_i386.deb
vlc-plugin-arts_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.9.6-1_i386.deb
vlc-plugin-esd_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.9.6-1_i386.deb
vlc-plugin-ggi_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.9.6-1_i386.deb
vlc-plugin-jack_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.9.6-1_i386.deb
vlc-plugin-pulse_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-pulse_0.9.6-1_i386.deb
vlc-plugin-sdl_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.9.6-1_i386.deb
vlc-plugin-svgalib_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.9.6-1_i386.deb
vlc_0.9.6-1.diff.gz
  to pool/main/v/vlc/vlc_0.9.6-1.diff.gz
vlc_0.9.6-1.dsc
  to pool/main/v/vlc/vlc_0.9.6-1.dsc
vlc_0.9.6-1_i386.deb
  to pool/main/v/vlc/vlc_0.9.6-1_i386.deb
vlc_0.9.6.orig.tar.gz
  to pool/main/v/vlc/vlc_0.9.6.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christophe Mutricy <[EMAIL PROTECTED]> (supplier of updated vlc package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Sat, 08 Nov 2008 03:14:29 +0100
Source: vlc
Binary: vlc vlc-dbg vlc-nox libvlccore0 libvlc2 libvlccore-dev libvlc-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack vlc-plugin-pulse vlc-data
Architecture: source all i386
Version: 0.9.6-1
Distribution: experimental
Urgency: low
Maintainer: Debian multimedia packages maintainers <[EMAIL PROTECTED]>
Changed-By: Christophe Mutricy <[EMAIL PROTECTED]>
Description:
 libvlc-dev - development files for VLC
 libvlc2 - multimedia player and streamer library
 libvlccore-dev - development files for VLC
 libvlccore0 - multimedia player and streamer library
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc - multimedia player and streamer
 vlc-data - Common data for VLC
 vlc-dbg - debugging symbols for vlc
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 499063 504639
Changes:
 vlc (0.9.6-1) experimental; urgency=low
 .
 [ Reinhard Tartler ]
 * Build against libass. Closes: #499063, LP: #210354, #199870
 * Explicitly build against libdca in debian/rules
 * Tighten build depends on a libass-dev version that ships without .la file
 .
 [ Christophe Mutricy ]
 * New bugfix upstream releases
   + Remove 402_tivo_overflow.diff
   + Fix buffer overflow in CUE demuxer (Closes: #504639)
   + Fix buffer overflow in Realtext decoder
 * Honor DEB_BUILD_OPTIONS
 * Rebootstrap in order to avoid problem with .la
--- End Message ---

