Your message dated Sun, 18 Mar 2007 15:02:12 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#414075: fixed in mplayer 1.0~rc1-12etch
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: xine-lib
Version: 1.1.2+dfsg-2
Severity: grave
Tags: patch, security
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246 says:
"The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in
MPlayer 1.0rc1 and earlier does not set the biSize before use in a
memcpy, which allows user-assisted remote attackers to cause a buffer
overflow and possibly execute arbitrary code."
xine-lib has a copy of this code in src/libw32dll/. Attached is the
(tiny) patch I used in Ubuntu for 1.1.2.
--
Kees Cook @outflux.net
--- xine-lib-1.1.2+repacked1.orig/src/libw32dll/dmo/DMO_VideoDecoder.c
+++ xine-lib-1.1.2+repacked1/src/libw32dll/dmo/DMO_VideoDecoder.c
@@ -118,6 +118,7 @@
this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
memcpy(this->iv.m_bh, format, bihs);
+ this->iv.m_bh->biSize = bihs;
this->iv.m_State = STOP;
//this->iv.m_pFrame = 0;
--- End Message ---
--- Begin Message ---
Source: mplayer
Source-Version: 1.0~rc1-12etch
We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:
mplayer-doc_1.0~rc1-12etch_all.deb
to pool/main/m/mplayer/mplayer-doc_1.0~rc1-12etch_all.deb
mplayer_1.0~rc1-12etch.diff.gz
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch.diff.gz
mplayer_1.0~rc1-12etch.dsc
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch.dsc
mplayer_1.0~rc1-12etch_i386.deb
to pool/main/m/mplayer/mplayer_1.0~rc1-12etch_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
A Mennucc1 <[EMAIL PROTECTED]> (supplier of updated mplayer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 18 Mar 2007 15:13:11 +0100
Source: mplayer
Binary: mplayer-doc mplayer
Architecture: source i386 all
Version: 1.0~rc1-12etch
Distribution: testing-proposed-updates
Urgency: medium
Maintainer: A Mennucc1 <[EMAIL PROTECTED]>
Changed-By: A Mennucc1 <[EMAIL PROTECTED]>
Description:
mplayer - The Movie Player
mplayer-doc - documentation for MPlayer
Closes: 409431 413120 413880 414075 414251
Changes:
mplayer (1.0~rc1-12etch) testing-proposed-updates; urgency=medium
.
* fix for CVE-2007-1246 and similar (Closes: #414075)
thanks Kees Cook & Moritz Jodeitand & R Togni
patches for files
loader/dmo/DMO_VideoDecoder.c from SVN 22204
loader/dshow/DS_VideoDecoder.c from SVN 22205
* patch for ia64 unaligned access crash,
thanks to Bryan Stillwell for debugging &
Reimar Döffinger for the patch (Closes: #409431).
* [INTL] Japanese po-debconf templates translation,
thanks to Kobayashi Noritada (Closes: #413120).
* [INTL] Dutch po-debconf translation, thanks cobaco (Closes: #413880)
* [INTL] Russian po-debconf translation, thanks Yuri Kozlov (Closes:
#414251)
Files:
f85a2a529ebc95a8a678a8e77faa9462 1263 graphics optional
mplayer_1.0~rc1-12etch.dsc
22491866143c42f807ee51d02c495d01 79921 graphics optional
mplayer_1.0~rc1-12etch.diff.gz
c9207afac3cfc57941276f743df09d25 2050118 graphics optional
mplayer-doc_1.0~rc1-12etch_all.deb
53ae0e8b7f8c1d78a5e356dee91877b0 4420758 graphics optional
mplayer_1.0~rc1-12etch_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF/VDx9B/tjjP8QKQRAlENAJ4jsqFI328o8+I/b3+ZRxKw2ta4EgCeMrnL
9L+1OUKRb2qRysSzSRVPYsw=
=BBx7
-----END PGP SIGNATURE-----
--- End Message ---
