Your message dated Sat, 10 Mar 2007 13:17:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#414075: fixed in mplayer 1.0~rc1-13
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: xine-lib
Version: 1.1.2+dfsg-2
Severity: grave
Tags: patch, security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246 says:

"The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in 
MPlayer 1.0rc1 and earlier does not set the biSize before use in a 
memcpy, which allows user-assisted remote attackers to cause a buffer 
overflow and possibly execute arbitrary code."

xine-lib has a copy of this code in src/libw32dll/.  Attached is the 
(tiny) patch I used in Ubuntu for 1.1.2.

-- 
Kees Cook                                            @outflux.net
--- xine-lib-1.1.2+repacked1.orig/src/libw32dll/dmo/DMO_VideoDecoder.c
+++ xine-lib-1.1.2+repacked1/src/libw32dll/dmo/DMO_VideoDecoder.c
@@ -118,6 +118,7 @@
      
         this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
         memcpy(this->iv.m_bh, format, bihs);
+        this->iv.m_bh->biSize = bihs;
 
         this->iv.m_State = STOP;
         //this->iv.m_pFrame = 0;
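
Review bot: the result of malloc(bihs) is never checked, and both the memcpy on the following line and the added `this->iv.m_bh->biSize = bihs;` dereference it, so an allocation failure turns into a write through a NULL pointer. Test the pointer right after the malloc and fail the open cleanly before copying. The added assignment also silently overrides the biSize value that memcpy just copied from `format`; a one-line comment saying that it pins the header's size field to the allocated size would help, so that later readers do not drop it as redundant. The hunk does not show how bihs is derived, so it cannot be confirmed from here that `format` really holds bihs bytes for the memcpy to read.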

--- End Message ---
--- Begin Message ---
Source: mplayer
Source-Version: 1.0~rc1-13

We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:

mplayer-doc_1.0~rc1-13_all.deb
  to pool/main/m/mplayer/mplayer-doc_1.0~rc1-13_all.deb
mplayer_1.0~rc1-13.diff.gz
  to pool/main/m/mplayer/mplayer_1.0~rc1-13.diff.gz
mplayer_1.0~rc1-13.dsc
  to pool/main/m/mplayer/mplayer_1.0~rc1-13.dsc
mplayer_1.0~rc1-13_i386.deb
  to pool/main/m/mplayer/mplayer_1.0~rc1-13_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
A Mennucc1 <[EMAIL PROTECTED]> (supplier of updated mplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 10 Mar 2007 12:57:16 +0100
Source: mplayer
Binary: mplayer-doc mplayer
Architecture: source i386 all
Version: 1.0~rc1-13
Distribution: unstable
Urgency: low
Maintainer: A Mennucc1 <[EMAIL PROTECTED]>
Changed-By: A Mennucc1 <[EMAIL PROTECTED]>
Description: 
 mplayer    - The Movie Player
 mplayer-doc - documentation for MPlayer
Closes: 399144 404473 404975 405371 405945 408055 409431 412079 412252 413063 413120 413880 414075 414251 414392 414393 414394
Changes: 
 mplayer (1.0~rc1-13) unstable; urgency=low
 .
   * fix for CVE-2007-1246 and similar (Closes: #414075)
     thanks Kees Cook & Moritz Jodeitand & R Togni
     patches for files
       loader/dmo/DMO_VideoDecoder.c from SVN 22204
       loader/dshow/DS_VideoDecoder.c from SVN 22205
   * [INTL] Japanese po-debconf templates translation,
      thanks to Kobayashi Noritada (Closes: #413120).
   * [INTL] Dutch po-debconf translation, thanks cobaco (Closes: #413880)
   * [INTL] Russian po-debconf translation, thanks Yuri Kozlov (Closes: #414251)
   * patch for ia64 unaligned access crash,
      thanks to Bryan Stillwell for debugging &
       Reimar Döffinger for the patch (Closes: #409431).
   * mplayer-doc: add doc-base documentation indexes,
      thanks to Martintxo (Closes: #405945).
   * binary_codecs.sh: check MD5 on downloaded stuff (Closes: #405371).
   * binary_codecs.sh: check if bzip2 is there, and bail out
       graciously otherwise; if untarring fails, allow for retry.
     Fixes "binary_codecs.sh doesn't install already downloaded codecs",
     thanks to Ingo Bressler for problem analysis (Closes: #413063).
   * binary_codecs.sh: do not use fping (my code lost part of URLs) (closes: #399144)
   * binary_codecs.sh: warn that essential-ppc codecs need libstdc++5, thanks to
      Bin Zhang (Closes: #404473) for pointing out.
   * enable smb:// (Closes: #412079).
   * mplayer.postinst: when vo=x11 or vo=fbdev, zoom=1 is set as well,
      thanks to Robert Millan (Closes: #412252).
   *  -stop-xscreensaver option disables  gnome-screensaver as well
      (but only if cursor is inside mplayer window) , thanks Adam Tlałka
      and Reimar Döffinger (Closes: #404975).
   * [INTL] fix small typo in English template, thanks cobaco  (closes: #414393)
   * [INTL] devices.html -> video.html , thanks cobaco  (closes: #414392)
   * [INTL] True Type -> TrueType , thanks cobaco  (closes: #414394)
   * [INTL] ~/.mplayer/mplayer.conf -> ~/.mplayer/config ,
      thanks Jacobo Tarrio (closes: #408055)
Files: 
 39e58b08d59bc07196ebfcc8758a2066 1273 graphics optional mplayer_1.0~rc1-13.dsc
 ffebfc596ca8068686eadaf6473edc5d 84059 graphics optional mplayer_1.0~rc1-13.diff.gz
 e7e45ccb64bd5be43823355933c9be6b 2051952 graphics optional mplayer-doc_1.0~rc1-13_all.deb
 df1b6141cbb001cb15235a8318716082 4424706 graphics optional mplayer_1.0~rc1-13_i386.deb



--- End Message ---
