Your message dated Sat, 17 Feb 2007 12:10:32 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#405425: fixed in vlc 0.8.1.svn20050314-1sarge2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: vlc
Version: 0.8.6-svn20061012.debian-1
Severity: critical
Tags: security
Justification: root security hole
Description:
Multiple vulnerabilities have been identified in VideoLAN VLC, which could be
exploited by attackers to take complete control of an affected system. These
issues
are due to format string errors in the "cdio_log_handler()" and
"vcd_log_handler()" functions that call "msg_Dbg()", "msg_Warn()", and
"msg_Err()" in an insecure
manner, which could be exploited by remote attackers to execute arbitrary
commands by tricking a user into visiting a specially crafted web page or
opening a
malicious M3U playlist.
Affected:
VideoLAN VLC version 0.8.6 and prior
Solution:
A fix is available via SVN :
http://trac.videolan.org/vlc/changeset/18481
References:
http://www.frsirt.com/english/advisories/2007/0026
http://projects.info-pull.com/moab/MOAB-02-01-2007.html
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
--
.''`.
: :' : Alex de Oliveira Silva | enerv
`. `' www.enerv.net
`-
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 0.8.1.svn20050314-1sarge2
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:
gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
gvlc_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_i386.deb
kvlc_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_i386.deb
libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
qvlc_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_i386.deb
vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb
vlc_0.8.1.svn20050314-1sarge2.diff.gz
to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.diff.gz
vlc_0.8.1.svn20050314-1sarge2.dsc
to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.dsc
vlc_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_i386.deb
wxvlc_0.8.1.svn20050314-1sarge2_i386.deb
to pool/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <[EMAIL PROTECTED]> (supplier of updated vlc
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 15 Jan 2007 13:06:55 +0100
Source: vlc
Binary: vlc-esd wxvlc vlc-plugin-sdl kvlc gvlc vlc-plugin-alsa gnome-vlc vlc-qt
vlc-ggi mozilla-plugin-vlc vlc vlc-gnome vlc-gtk vlc-sdl vlc-alsa
vlc-plugin-svgalib vlc-glide vlc-plugin-ggi qvlc vlc-plugin-esd
vlc-plugin-glide vlc-plugin-arts libvlc0-dev
Architecture: source i386
Version: 0.8.1.svn20050314-1sarge2
Distribution: stable-security
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Changed-By: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Description:
gnome-vlc - GNOME frontend for VLC (dummy legacy package)
gvlc - GTK+ frontend for VLC (dummy legacy package)
kvlc - KDE frontend for VLC (dummy legacy package)
libvlc0-dev - development files for VLC
mozilla-plugin-vlc - multimedia plugin for Mozilla based on VLC
qvlc - Qt frontend for VLC (dummy legacy package)
vlc - multimedia player for all audio and video formats
vlc-alsa - ALSA audio output plugin for VLC (dummy legacy package)
vlc-esd - Esound audio output plugin for VLC (dummy legacy package)
vlc-ggi - GGI video output plugin for VLC (dummy legacy package)
vlc-glide - Glide video output plugin for VLC (dummy legacy package)
vlc-gnome - GNOME frontend for VLC (dummy legacy package)
vlc-gtk - GTK+ frontend for VLC (dummy legacy package)
vlc-plugin-alsa - ALSA audio output plugin for VLC
vlc-plugin-arts - aRts audio output plugin for VLC
vlc-plugin-esd - Esound audio output plugin for VLC
vlc-plugin-ggi - GGI video output plugin for VLC
vlc-plugin-glide - Glide video output plugin for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svgalib - SVGAlib video output plugin for VLC
vlc-qt - Qt frontend for VLC (dummy legacy package)
vlc-sdl - SDL video and audio output plugin for VLC (dummy legacy package)
wxvlc - wxWindows frontend for VLC
Closes: 358026 405425
Changes:
vlc (0.8.1.svn20050314-1sarge2) stable-security; urgency=high
.
* modules/access/cdda/access.c modules/access/vcdx/access.c:
+ Fix format string vulnerabilities (CVE-2007-0017) (Closes: #405425).
* debian/control:
+ Build-conflict against libsmbclient-dev to avoid accidentally
depending on Samba libraries (Closes: #358026).
Files:
a8b1c32a0625845da8b035402064351b 1916 graphics optional
vlc_0.8.1.svn20050314-1sarge2.dsc
c1573565b4f6c5f5bc4fb0da0ef82c4e 1419 graphics optional
vlc_0.8.1.svn20050314-1sarge2.diff.gz
25303969db6cc0fbd49213be430df851 5248346 graphics optional
vlc_0.8.1.svn20050314-1sarge2_i386.deb
d543d6e9a80452fa3dde68aed95fba05 736194 libdevel optional
libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
631a977a858357c6f33cdd65421d930d 1264 oldlibs optional
gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
876395121224f2dde78efbe4d3a425cd 1272 oldlibs optional
gvlc_0.8.1.svn20050314-1sarge2_i386.deb
e74395e32b380ff0979bb93c743ecb41 4666 graphics optional
vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
2bd7aba839974f5ec5b1c5eed3225898 10474 graphics optional
vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
ee701ea8bac97ed56be2814487be9793 10588 graphics optional
vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
3187af8067fcb58fcf04ee5cb6cd4a35 6390 graphics optional
vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
20ac7a7d0058973532a507bba0f58b55 4668 graphics optional
vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
9a5000ace56011a555a333097acdebb9 954 oldlibs optional
qvlc_0.8.1.svn20050314-1sarge2_i386.deb
9305542c6f92bba8159c925e22bc0d50 4424 graphics optional
vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
58fbafb3f71ccc9d9160acd4e94d25e2 582328 graphics optional
mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
38d79330ffd560b4070685e40356262c 974 oldlibs optional
kvlc_0.8.1.svn20050314-1sarge2_i386.deb
84514a7deb4f44cb93ea14ee48358e5b 4760 graphics optional
vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
8cbfa4c613219d31e15e13ec6f4e119b 302658 graphics optional
wxvlc_0.8.1.svn20050314-1sarge2_i386.deb
182b1775c69f3d754c29eca2204ddcb3 872 oldlibs optional
vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
c7d04205aa4816c4ba97191d8e09e648 872 oldlibs optional
vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
5cfb1f247c297fa929c7cf781af2c63b 874 oldlibs optional
vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
33fb31c2568f63d1adb9923c6f59c6bc 878 oldlibs optional
vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
1df3ade097295fa2ef607d05fb542ae4 872 oldlibs optional
vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
995f69c9cae4f5b2306a077a81e27f03 864 oldlibs optional
vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
1b6298ba6ca8f1c11005a89173162f7d 860 oldlibs optional
vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
30b7ceece36c56301704a431bc6138f0 878 oldlibs optional
vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFFq5h4fPP1rylJn2ERAjj3AJ9ZEMfV1maJ4uX57lnuQKB2iDAosgCfaeas
X26xeXL5Ppvag+sSd02200U=
=zvYo
-----END PGP SIGNATURE-----
--- End Message ---
